Browse files

Fixed #16704 -- Documented how to insert the CSRF token outside of Dj…

…ango's own template engine. Thanks paulcwatts and bpeschier for the patch.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent c458700 commit 39201d8fe55df561911e274f805eff3fa7e5819f @aaugustin aaugustin committed Dec 30, 2011
Showing with 18 additions and 0 deletions.
  1. +18 −0 docs/ref/contrib/csrf.txt
@@ -146,6 +146,24 @@ In addition, if the CSRF cookie has not been sent to the client by use of
:ttag:`csrf_token`, you may need to ensure the client receives the cookie by
using :func:`~django.views.decorators.csrf.ensure_csrf_cookie`.
+Other template engines
+When using a different template engine than Django's built-in engine, you can
+set the token in your forms manually after making sure it is available in the
+context of the template.
+So in Cheetah for example, your form could contain the following:
+.. code-block:: html
+ <div style="display:none">
+ <input type="hidden" name="csrfmiddlewaretoken" value="$csrf_token"/>
+ </div>
+You may use javascript similar to the :ref:`AJAX code <csrf-ajax>` above to get
+the value of the CSRF token.
The decorator method

0 comments on commit 39201d8

Please sign in to comment.