mirror of https://github.com/django/django.git synced 2025-07-05 02:09:13 +00:00

[1.2.X] Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs

Backport of [15628] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15629 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Luke Plant 2011-02-22 11:30:10 +00:00
parent dc9d639c0a
commit e89c471ebb
3 changed files with 10 additions and 42 deletions


@ -81,6 +81,8 @@ The utility script ``extras/csrf_migration_helper.py`` can help to automate the
finding of code and templates that may need to be upgraded. It contains full finding of code and templates that may need to be upgraded. It contains full
help on how to use it. help on how to use it.
.. _csrf-ajax:
AJAX AJAX
---- ----
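
Review bot: The new `.. _csrf-ajax:` label sits directly above the "AJAX" title, and this view does not show whether a blank line separates them. Sphinx's documented form puts a blank line between a label and the section title it names, so please confirm the second of the two added lines is that blank line. Labels are global across the docs, so also check that no other document defines `csrf-ajax`, since both release-note hunks in this commit depend on it resolving.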


@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests. custom headers into all AJAX requests.
The following example using the jQuery JavaScript toolkit demonstrates Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
this; the call to jQuery's ajaxSetup will cause all AJAX requests to that demonstrates this technique, ensuring that you are looking at the
send back the CSRF token in the custom X-CSRFTOKEN header:: documentation for your version of Django, as the exact code necessary
is different for some older versions of Django.
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken",
$("#csrfmiddlewaretoken").val());
}
}
});
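
Review bot: The replacement paragraph says the code "is different for some older versions of Django" but never tells readers who already copied the removed snippet that they should replace it. The removed `beforeSend` check, `/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)`, treats every URL that lacks an explicit `http:` or `https:` prefix as local, so a scheme-relative URL such as `//other.example/` would still be sent the `X-CSRFToken` header. Suggest adding one sentence stating that the earlier example in these notes is superseded and should be swapped for the code in the CSRF docs.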


@ -62,34 +62,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests. custom headers into all AJAX requests.
The following example using the jQuery JavaScript toolkit demonstrates Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
this; the call to jQuery's ajaxSetup will cause all AJAX requests to that demonstrates this technique, ensuring that you are looking at the
send back the CSRF token in the custom X-CSRFTOKEN header:: documentation for your version of Django, as the exact code necessary
is different for some older versions of Django.
$.ajaxSetup({
beforeSend: function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
}
});
FileField no longer deletes files FileField no longer deletes files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
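
Review bot: In the added paragraph, "ensuring that you are looking at the documentation for your version of Django" is a dangling participle, and the sentence is repeated verbatim from the other release-notes file. Suggest "Make sure you are reading the documentation for your version of Django, because the exact code differs for some older versions." The unchanged context also spells the header "X-CSRFTOKEN" while the removed code sent "X-CSRFToken"; header names are case-insensitive, but using one spelling throughout the notes would avoid confusion.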