[Django] #30641: Update docs for using CSRF with Ajax

9 views
Skip to first unread message

Django

unread,
Jul 15, 2019, 3:32:34 PM7/15/19
to django-...@googlegroups.com
#30641: Update docs for using CSRF with Ajax
-------------------------------------+-------------------------------------
Reporter: JeroenvO | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: CSRF | Version: 2.2
Severity: Normal | Keywords: csrf token jquery
Triage Stage: | context templatetag ajax
Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Docs state: (https://docs.djangoproject.com/en/2.2/ref/csrf/)
In order to get CSRF token in Javascript, for instance for an AJAX
request.

{{{
{% csrf_token %}
<script type="text/javascript">
var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
</script>
}}}

but since {{ csrf_token }} is available in the context, a much cleaner
version would be:


{{{
<script type="text/javascript">
// using jQuery
var csrftoken = '{{ csrf_token }}';
</script>
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/30641>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Jul 16, 2019, 2:12:10 AM7/16/19
to django-...@googlegroups.com
#30641: Update docs for using CSRF with Ajax.

-------------------------------------+-------------------------------------
Reporter: JeroenvO | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: master
Severity: Normal | Resolution: wontfix

Keywords: csrf token jquery | Triage Stage:
context templatetag ajax | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by felixxm):

* status: new => closed
* resolution: => wontfix
* version: 2.2 => master
* component: CSRF => Documentation


Comment:

Thanks for the report, but I believe that the current recommendation is
better because it works if:
{{{


<script type="text/javascript">
var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
</script>
}}}

is a part of external JavaScript file (see
[https://github.com/django/django/pull/5600#issuecomment-229771095
extensive discussion in PR]).

--
Ticket URL: <https://code.djangoproject.com/ticket/30641#comment:1>

Reply all
Reply to author
Forward
0 new messages