diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index a6731223e0..c28bd0319f 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -81,6 +81,8 @@ The utility script ``extras/csrf_migration_helper.py`` can help to automate the finding of code and templates that may need to be upgraded. It contains full help on how to use it. +.. _csrf-ajax: + AJAX ---- diff --git a/docs/releases/1.1.4.txt b/docs/releases/1.1.4.txt index 7a3035f9bd..e561201c18 100644 --- a/docs/releases/1.1.4.txt +++ b/docs/releases/1.1.4.txt @@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", - $("#csrfmiddlewaretoken").val()); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code ` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django. diff --git a/docs/releases/1.2.5.txt b/docs/releases/1.2.5.txt index b169a4b765..8427534301 100644 --- a/docs/releases/1.2.5.txt +++ b/docs/releases/1.2.5.txt @@ -62,34 +62,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - function getCookie(name) { - var cookieValue = null; - if (document.cookie && document.cookie != '') { - var cookies = document.cookie.split(';'); - for (var i = 0; i < cookies.length; i++) { - var cookie = jQuery.trim(cookies[i]); - // Does this cookie string begin with the name we want? - if (cookie.substring(0, name.length + 1) == (name + '=')) { - cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); - break; - } - } - } - return cookieValue; - } - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code ` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django. FileField no longer deletes files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/releases/1.3.txt b/docs/releases/1.3.txt index aca227f896..887943aec8 100644 --- a/docs/releases/1.3.txt +++ b/docs/releases/1.3.txt @@ -305,34 +305,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - function getCookie(name) { - var cookieValue = null; - if (document.cookie && document.cookie != '') { - var cookies = document.cookie.split(';'); - for (var i = 0; i < cookies.length; i++) { - var cookie = jQuery.trim(cookies[i]); - // Does this cookie string begin with the name we want? - if (cookie.substring(0, name.length + 1) == (name + '=')) { - cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); - break; - } - } - } - return cookieValue; - } - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code ` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django. Restricted filters in admin interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~