diff options
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 2 | ||||
| -rw-r--r-- | docs/releases/1.1.4.txt | 18 |
2 files changed, 6 insertions, 14 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 45d4b459c7..4ebaa33905 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -39,6 +39,8 @@ replaced instead of using ``CsrfMiddleware``. (previous versions of Django did not provide these two components of ``CsrfMiddleware`` as described above) +.. _csrf-ajax: + AJAX ---- diff --git a/docs/releases/1.1.4.txt b/docs/releases/1.1.4.txt index 7a3035f9bd..e561201c18 100644 --- a/docs/releases/1.1.4.txt +++ b/docs/releases/1.1.4.txt @@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", - $("#csrfmiddlewaretoken").val()); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django. |