id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
27534,Add CSRF_COOKIE_HTTPONLY note to CSRF AJAX docs,Andrew Charles,nobody,"https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-httponly
https://docs.djangoproject.com/en/dev/ref/csrf/#ajax

There should be a note in the CSRF AJAX docs that the {{{CSRF_COOKIE_HTTPONLY}}} setting will prevent non-safe AJAX calls from working (if using the JS provided). It should note that you have to include the CSRF token via the template tag {{{{% csrf_token %}}}}, and update the JS with something like this:

{{{#!javascript
// Try the cookie first; getCookie returns null when the cookie is not readable.
var csrftoken = getCookie('csrftoken');
if (csrftoken === null) {
    // Fall back to the hidden input rendered by the csrf_token template tag.
    csrftoken = $('input[name=""csrfmiddlewaretoken""]').val();
    // .val() returns undefined when no element matches, so test for a missing value rather than null.
    if (!csrftoken) {
        console.log('No csrf token');
    }
}
}}}

This is my first Django issue/ticket, sorry if I missed anything.",Cleanup/optimization,closed,Documentation,dev,Normal,duplicate,,,Accepted,0,0,0,0,0,0