id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
37032	Documentation for django.template.context_processors.csrf is incorrect or inaccurate	Christian Finnberg		"Documentation for django.template.context_processors.csrf in https://docs.djangoproject.com/en/dev/ref/templates/api/#django-template-context-processors-csrf is not accurate. It says:
    This processor adds a token that is needed by the csrf_token template tag for protection against Cross Site Request Forgeries.

But the `csrf_token` template tag is independent of this context processor. This content processor adds a `csrf_token` variable that can be used for protection against CSRF, but it seems that this is like a ""legacy"" method. The recommended way or at least the way Django is configured by default, is to enable the django.middleware.csrf.CsrfViewMiddleware middleware, that adds the `crsf_token` template tag and works independently of this context processor.

So a different definition may be better. Something like:
    If this processor is enabled, every **RequestContext** will contain a variable **csrf_token** with a CSRF token, or the string 'NOTPROVIDED'  if it has not been provided by either a view decorator or the middleware. Notice that the `csrf_token` template tag (not this context processor) is the preferred way to add the CSRF token to the forms.

In any case I think this component's text must be corrected somehow."	Uncategorized	new	Documentation	dev	Normal		csrf, context processor		Unreviewed	0	0	0	0	0	0