#26596 closed Bug (fixed)
Document {{ csrf_input }} in Jinja2 templates
| Reported by: | Aymeric Augustin | Owned by: | B. J. Potter |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | betojulio@… | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
It's the equivalent of {% csrf_token %} in Django templates.
It appears that I forgot to document it.
Attachments (1)
Change History (22)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
I saw that mention but I don't think it's sufficiently explicit about how to use that variable.
We should say that:
- {% csrf_token %} in Django templates translates to {{ csrf_input }} in Jinja2 templates
- {{ csrf_token }} works identically in Django templates and in Jinja2 templates
comment:3 by , 8 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:4 by , 8 years ago
| Cc: | added |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:6 by , 8 years ago
I believe this information would be more discoverable in the CSRF reference documentation, either in the "How to use it" section or in a new section.
We should talk about:
- the API offered by built-in template backends
- requirements for third-party backends, as described in DEP 182 (basically they have to provide a solution, but that solution isn't specified)
This will likely require tweaking the content a bit to clarify that the main examples are specific to Django templates.
comment:8 by , 8 years ago
{% csrf_token %} in Django templates translates to {{ csrf_input }} in Jinja2 templates
This is already specified in https://docs.djangoproject.com/en/dev/ref/csrf/#other-template-engines
{{ csrf_token }} works identically in Django templates and in Jinja2 templates
Should I put another example in step # 2 in https://docs.djangoproject.com/en/dev/ref/csrf/#how-to-use-it ?, something like
<div style="display:none">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
</div>
comment:9 by , 8 years ago
The paragraph you just linked to only mentions {{ csrf_token }}, not {{ csrf_input }}.
It's precisely because it's incomplete that I filed this ticket.
comment:10 by , 8 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
Since it's been three weeks without a status update, I'm freeing this ticket up for claiming by a PyCon sprinter.
comment:11 by , 8 years ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
comment:12 by , 8 years ago
| Owner: | changed from to |
|---|
comment:13 by , 8 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
comment:14 by , 8 years ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
comment:15 by , 8 years ago
| Has patch: | set |
|---|
comment:16 by , 8 years ago
| Patch needs improvement: | set |
|---|
comment:17 by , 8 years ago
| Patch needs improvement: | unset |
|---|
comment:18 by , 8 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
There's a mention in the Jinja2 backend docs. Did you miss it or have another place in mind?