id: 16936
summary: CSRF with AJAX documentation is out-of-date
reporter: Idan Gazit
owner: nobody
type: New feature
status: closed
component: Documentation
version: dev
severity: Normal
resolution: fixed
keywords:
cc:
stage: Accepted
has_patch: 1
needs_docs: 0
needs_tests: 0
needs_better_patch: 0
easy: 0
ui_ux: 0
description:
"Following the release of Django 1.2.5, we issued new guidelines on using CSRF protection with AJAX requests: https://www.djangoproject.com/weblog/2011/feb/08/security/

In that release, we included a JS snippet showing how to properly set the CSRF token header on AJAX requests, which never made it into the docs. In addition, the existing docs on using CSRF with AJAX are not as good as they could be. Right now, we mix together discussion of how to get the CSRF token and how to use it—breaking these out into logical sections would make the docs easier to read.

Because the changes I'm making touch on security-related issues, I'd really like several pairs of practiced eyes to go over it before we make a change."