id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
29858	Clarify docs regarding CSRF token header name	Stewart Polley	nobody	"I'm working on a small new application, and using AXIOS to post back to Django.

Part of this is of course setting the relevant header to include the CSRF token.
Looking at the docs there appears to be contradicting messages about what that heading should be.
Initially we get greeted with this:
 ''For this reason, there is an alternative method: on each XMLHttpRequest, set a custom **X-CSRFToken**
 header to the value of the CSRF token''

Later on though we get this blockquote in the docs:
 ''**Note**
 ...
 The CSRF header name is **HTTP_X_CSRFTOKEN** by default, but you can customize it using the CSRF_HEADER_NAME setting.''

From testing, it appears that X-CSRFToken is indeed the correct header to use, as it's currently functioning, but I'm unsure if this is a bug with Django, or an error in the docs.

If it's an error in the docs, can someone please point me in the direction of how to submit a pull request to fix this?
"	Cleanup/optimization	closed	Documentation	2.1	Normal	fixed			Accepted	1	0	0	0	0	0