CSRF AJAX section unclear
|Reported by:||morgan.harris@…||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The AJAX section of the CSRF page isn't clear about the need to include the template tag. The cookie isn't sent if the tag isn't included in the template, which is not explicitly mentioned at all on the page, and not even brought up anywhere near the AJAX section. There should be, somewhere either near the top or near the AJAX section, a note that is in a box or in some way delineated from the rest of the page, explaining that the cookie will only be sent if the template tag is used somewhere in the template. For AJAX requests, this isn't necessarily the case.
Note: this is after literally days of trying to track down why my CSRF token wasn't being sent. Perhaps it was an obvious solution, but perhaps not; after all, it's never mentioned in the docs. They imply that the cookie is always sent.