id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27534	Add CSRF_COOKIE_HTTPONLY note to CSRF AJAX docs	Andrew Charles	nobody	"https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-httponly
https://docs.djangoproject.com/en/dev/ref/csrf/#ajax

There should be a note in the CSRF AJAX docs that the {{{CSRF_COOKIE_HTTPONLY}}} setting will prevent non-safe ajax calls from working (if using the js provided). It should note that you have to include the csrf token via the template tag {{{{% csrf_token %}}}}, and update the js with something like this:
{{{#!javascript
var csrftoken = getCookie('csrftoken');
if (csrftoken === null) {
    csrftoken = $('input[name=""csrfmiddlewaretoken""]').val();
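    // jQuery's .val() returns undefined (not null) when no element matches,
    // so use a loose comparison that catches both null and undefined.
    if (csrftoken == null) {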
        console.log('No csrf token');
    }
}
}}}

This is my first Django issue/ticket, sorry if I missed anything."	Cleanup/optimization	closed	Documentation	dev	Normal	duplicate			Accepted	0	0	0	0	0	0
