id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16936	CSRF with AJAX documentation is out-of-date	Idan Gazit	nobody	"Following the release of Django 1.2.5, we issued new guidelines on using CSRF protection with AJAX requests: https://www.djangoproject.com/weblog/2011/feb/08/security/

In that release, we included a JS snippet showing how to properly set the CSRF token header on AJAX requests, which never made it into the docs.

In addition, the existing docs on using CSRF with AJAX are not as good as they could be. Right now, we mix together discussion of how to get the CSRF token and how to use it—breaking these out into logical sections would make the docs easier to read.

Because the changes I'm making touch on security-related issues, I'd really like several pairs of practiced eyes to go over it before we make a change."	New feature	closed	Documentation	dev	Normal	fixed			Accepted	1	0	0	0	0	0