Browse files

[1.1.X] Removed example CSRF jQuery code from release notes, replacin…

…g with link to improved code in the CSRF docs

Backport of [15628] from trunk.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 12fd6e1 commit 8b5fc4ac009f4db6a30db717456ba6480beb2628 @spookylukey spookylukey committed Feb 22, 2011
Showing with 6 additions and 14 deletions.
  1. +2 −0 docs/ref/contrib/csrf.txt
  2. +4 −14 docs/releases/1.1.4.txt
@@ -39,6 +39,8 @@ replaced instead of using ``CsrfMiddleware``.
(previous versions of Django did not provide these two components
of ``CsrfMiddleware`` as described above)
+.. _csrf-ajax:
@@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests.
-The following example using the jQuery JavaScript toolkit demonstrates
-this; the call to jQuery's ajaxSetup will cause all AJAX requests to
-send back the CSRF token in the custom X-CSRFTOKEN header::
- $.ajaxSetup({
- beforeSend: function(xhr, settings) {
- if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
- // Only send the token to relative URLs i.e. locally.
- xhr.setRequestHeader("X-CSRFToken",
- $("#csrfmiddlewaretoken").val());
- }
- }
- });
+Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
+that demonstrates this technique, ensuring that you are looking at the
+documentation for your version of Django, as the exact code necessary
+is different for some older versions of Django.

0 comments on commit 8b5fc4a

Please sign in to comment.