From 926529d6189bd0749067f8567b4e34bbf8b0e545 Mon Sep 17 00:00:00 2001 From: "B. J. Potter" <bjpotter@gmail.com> Date: Thu, 2 Jun 2016 11:05:57 -0700 Subject: [PATCH] [1.10.x] Fixed #26596 -- Added Jinja2 {{ csrf_input }} documentation. Backport of 9c53facc45908bc0593de194a60bc75e5d34a48e from master --- docs/ref/csrf.txt | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index 77c52ee59a..5b87d6f1c8 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -148,24 +148,16 @@ If you're using AngularJS 1.1.3 and newer, it's sufficient to configure the $httpProvider.defaults.xsrfCookieName = 'csrftoken'; $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; -Other template engines ----------------------- +Using CSRF in Jinja2 templates +------------------------------ -When using a different template engine than Django's built-in engine, you can -set the token in your forms manually after making sure it's available in the -template context. +Django's :class:`~django.template.backends.jinja2.Jinja2` template backend +adds ``{{ csrf_input }}`` to the context of all templates which is equivalent +to ``{% csrf_token %}`` in the Django template language. For example: -For example, in the Jinja2 template language, your form could contain the -following: +.. code-block:: html+jinja -.. code-block:: html - - <div style="display:none"> - <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> - </div> - -You can use JavaScript similar to the :ref:`AJAX code <csrf-ajax>` above to get -the value of the CSRF token. + <form action="" method="post">{{ csrf_input }} The decorator method --------------------
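Review bot: The hunk at docs/ref/csrf.txt line 148 replaces the whole "Other template engines" section with Jinja2-only text, so the removed guidance for engines other than Jinja2 (set the token in the form manually "after making sure it's available in the template context") and the removed pointer to the :ref:`AJAX code <csrf-ajax>` for reading the token from JavaScript no longer have a home in this section. Consider keeping a short paragraph for other engines after the new Jinja2 example, or confirming that the same guidance exists elsewhere in the file. In the added sentence, "adds ``{{ csrf_input }}`` to the context of all templates which is equivalent to" needs a comma before "which", since the clause describes ``{{ csrf_input }}`` and not the templates. It would also help to say whether the hand-written hidden input with value="{{ csrf_token }}" from the removed example is still expected to work, because readers who followed the old text have that markup in their Jinja2 forms today and a missing token field fails CSRF validation on POST.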