diff --git a/docs/topics/forms/index.txt b/docs/topics/forms/index.txt index ab35cc9d8b..23bef19718 100644 --- a/docs/topics/forms/index.txt +++ b/docs/topics/forms/index.txt @@ -172,7 +172,7 @@ Forms are designed to work with the Django template language. In the above example, we passed our ``ContactForm`` instance to the template using the context variable ``form``. Here's a simple example template:: -
+ {% csrf_token %} {{ form.as_p }}
@@ -180,6 +180,15 @@ context variable ``form``. Here's a simple example template:: The form only outputs its own fields; it is up to you to provide the surrounding ``
`` tags and the submit button. +.. admonition:: Forms and Cross Site Request Forgery protection + + Django ships with an easy-to-use :doc:`protection against Cross Site Request + Forgeries `. When submitting a form via POST with + CSRF protection enabled you must use the :ttag:`csrf_token` template tag + as in the preceding example. However, since CSRF protection is not + directly tied to forms in templates, this tag is omitted from the + following examples in this document. + ``form.as_p`` will output the form with each form field and accompanying label wrapped in a paragraph. Here's the output for our example template::
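Review bot: In the first hunk (@@ -172,7 +172,7 @@), the added `{% csrf_token %}` line sits in the example template with nothing in the introducing sentence ("Here's a simple example template::") saying why it is there; the reader only learns that from the admonition several lines later. Suggest adding a short clause to that sentence that points to the admonition. It is also worth confirming that the view example earlier in this file renders the template with the request available in the context, since the tag emits no token otherwise and the example would fail when copied as is.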
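Review bot: In the admonition added by the second hunk (@@ -180,6 +180,15 @@), "you must use the :ttag:`csrf_token` template tag" is stated without qualification, but the tag belongs only in forms that POST to the site's own URLs; in a form whose action targets an external URL it would disclose the token to that site. Suggest adding that restriction here or linking to where the CSRF document states it. Separately, "this tag is omitted from the following examples in this document" means a reader who copies a later snippet into a POST form gets a rejected request with CSRF protection enabled, so consider saying explicitly that the later snippets are not complete templates.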