1
0
mirror of https://github.com/django/django.git synced 2025-06-05 03:29:12 +00:00

[1.10.x] Fixed #26596 -- Added Jinja2 {{ csrf_input }} documentation.

Backport of 9c53facc45908bc0593de194a60bc75e5d34a48e from master
This commit is contained in:
B. J. Potter 2016-06-02 11:05:57 -07:00 committed by Tim Graham
parent 2e7ec15f53
commit 926529d618

View File

@ -148,24 +148,16 @@ If you're using AngularJS 1.1.3 and newer, it's sufficient to configure the
$httpProvider.defaults.xsrfCookieName = 'csrftoken'; $httpProvider.defaults.xsrfCookieName = 'csrftoken';
$httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
Other template engines Using CSRF in Jinja2 templates
---------------------- ------------------------------
When using a different template engine than Django's built-in engine, you can Django's :class:`~django.template.backends.jinja2.Jinja2` template backend
set the token in your forms manually after making sure it's available in the adds ``{{ csrf_input }}`` to the context of all templates which is equivalent
template context. to ``{% csrf_token %}`` in the Django template language. For example:
For example, in the Jinja2 template language, your form could contain the .. code-block:: html+jinja
following:
.. code-block:: html <form action="" method="post">{{ csrf_input }}
<div style="display:none">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
</div>
You can use JavaScript similar to the :ref:`AJAX code <csrf-ajax>` above to get
the value of the CSRF token.
The decorator method The decorator method
-------------------- --------------------