id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27396	Docs: send POST request on base.html does not mention {{ csrf_token }}	Ramin Farajpour Cami	nobody	"Hi,

Have a look at the section ""AJAX "" in this documentation page:

https://docs.djangoproject.com/en/1.10/ref/csrf/#ajax

It does not mention the highly relevantcsrf_toeken  on meta tag  on base.html I think it should.

{{{
<meta content=""{{ csrf_token }}"" name='csrfmiddlewaretoken' />
}}}

many case there is use AJAX on root path `http://127.0.0.1` this action

urls.py:
  
{{{
url(r'^$', Index , name='Index'),
}}}

base.html 


{{{
<!DOCTYPE html>
<html lang=""en"">
<head>
    <link rel=""stylesheet"" href=""style.css"" />
    <title>{% block title %}My amazing site{% endblock %}</title>
</head>

<body>
    <div id=""sidebar"">
        {% block sidebar %}
        <ul>
            <li><a href=""/"">Home</a></li>
            <li><a href=""/blog/"">Blog</a></li>
        </ul>
        {% endblock %}
    </div>

    <div id=""content"">
        {% block content %}{% endblock %}
    </div>
</body>
</html>
}}}

index.html 

{{{
{% extends ""base.html"" %}

{% block title %}{{ section.title }}{% endblock %}

{% block content %}
<h1>{{ section.title }}</h1>

{% endblock %}
}}}

now when action index return render , now if users use AJAX on base.html (for example : check session permission on use javascript on page base.html ) howevery this page nothing cookie set csrf_token for send to server side , 

there is 2 way :
1 - use {% csrf_token %}  , this create input tag on base.html (this is not good )
2 - use meta tag (`<meta content=""{{ csrf_token }}"" name='csrfmiddlewaretoken' />`)

i use 2 , and work it great ,


"	Cleanup/optimization	closed	Documentation	1.10	Normal	worksforme			Unreviewed	0	0	0	0	0	0