Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Documented the presence of {% csrf_token %} in Django 1.1.2 in trunk …


git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 905dba3 commit 9dc9770736ddf236be5ae08447bb323433fffd44 @spookylukey spookylukey committed
Showing with 10 additions and 4 deletions.
  1. +5 −2 docs/ref/contrib/csrf.txt
  2. +5 −2 docs/ref/templates/builtins.txt
7 docs/ref/contrib/csrf.txt
@@ -188,9 +188,12 @@ applications in your project will meet its requirements by virtue of the
The next step is to update all your applications to use the template tag, as
described in `How to use it`_, steps 2-3. This can be done as soon as is
-practical. Any applications that are updated will now require Django 1.2 or
+practical. Any applications that are updated will now require Django 1.1.2 or
later, since they will use the CSRF template tag which was not available in
-earlier versions.
+earlier versions. (The template tag in 1.1.2 is actually a no-op that exists
+solely to ease the transition to 1.2 — it allows apps to be created that have
+CSRF protection under 1.2 without requiring users of the apps to upgrade to the
+Django 1.2.X series).
The utility script ``extras/`` can help to automate the
finding of code and templates that may need to be upgraded. It contains full
7 docs/ref/templates/builtins.txt
@@ -56,9 +56,12 @@ Ignore everything between ``{% comment %}`` and ``{% endcomment %}``
-.. versionadded:: 1.2
+.. versionadded:: 1.1.2
-This is described in the documentation for :ref:`Cross Site Request Forgeries <ref-contrib-csrf>`.
+In the Django 1.1.X series, this is a no-op tag that returns an empty string for
+future compatibility purposes. In Django 1.2 and later, it is used for CSRF
+protection, as described in the documentation for :ref:`Cross Site Request
+Forgeries <ref-contrib-csrf>`.

0 comments on commit 9dc9770

Please sign in to comment.
Something went wrong with that request. Please try again.