#26596 closed Bug (fixed)
Document {{ csrf_input }} in Jinja2 templates
Reported by: | Aymeric Augustin | Owned by: | B. J. Potter |
---|---|---|---|
Component: | Documentation | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | betojulio@… | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
It's the equivalent of {% csrf_token %} in Django templates.
It appears that I forgot to document it.
Attachments (1)
Change History (22)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
I saw that mention but I don't think it's sufficiently explicit about how to use that variable.
We should say that:
- {% csrf_token %} in Django templates translates to {{ csrf_input }} in Jinja2 templates
- {{ csrf_token }} works identically in Django templates and in Jinja2 templates
comment:3 by , 8 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:4 by , 8 years ago
Cc: | added |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:6 by , 8 years ago
I believe this information would be more discoverable in the CSRF reference documentation, either in the "How to use it" section or in a new section.
We should talk about:
- the API offered by built-in template backends
- requirements for third-party backends, as described in DEP 182 (basically they have to provide a solution, but that solution isn't specified)
This will likely require tweaking the content a bit to clarify that the main examples are specific to Django templates.
comment:8 by , 8 years ago
{% csrf_token %} in Django templates translates to {{ csrf_input }} in Jinja2 templates
This is already specified in https://docs.djangoproject.com/en/dev/ref/csrf/#other-template-engines
{{ csrf_token }} works identically in Django templates and in Jinja2 templates
Should I put another example in step # 2 in https://docs.djangoproject.com/en/dev/ref/csrf/#how-to-use-it ?, something like
<div style="display:none"> <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> </div>
comment:9 by , 8 years ago
The paragraph you just linked to only mentions {{ csrf_token }}
, not {{ csrf_input }}
.
It's precisely because it's incomplete that I filed this ticket.
comment:10 by , 8 years ago
Owner: | removed |
---|---|
Status: | assigned → new |
Since it's been three weeks without a status update, I'm freeing this ticket up for claiming by a PyCon sprinter.
comment:11 by , 8 years ago
Owner: | set to |
---|---|
Status: | new → assigned |
comment:12 by , 8 years ago
Owner: | changed from | to
---|
comment:13 by , 8 years ago
Owner: | removed |
---|---|
Status: | assigned → new |
comment:14 by , 8 years ago
Owner: | set to |
---|---|
Status: | new → assigned |
comment:15 by , 8 years ago
Has patch: | set |
---|
comment:16 by , 8 years ago
Patch needs improvement: | set |
---|
comment:17 by , 8 years ago
Patch needs improvement: | unset |
---|
comment:18 by , 8 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
There's a mention in the Jinja2 backend docs. Did you miss it or have another place in mind?