mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[1.9.x] Fixed #25969 -- Replaced render_to_response() with render() in docs examples.

Browse Source 
Backport of 4d83b0163e from master
This commit is contained in:
Tim Graham
2015-12-22 10:21:24 -05:00
parent 2f205e073b
commit d162b0bcd8
17 changed files with 51 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/ref/csrf.txt
View File

@@ -45,31 +45,11 @@ To take advantage of CSRF protection in your views, follow these steps:
This should not be done for POST forms that target external URLs, since
that would cause the CSRF token to be leaked, leading to a vulnerability.
3. In the corresponding view functions, ensure that the
``'django.template.context_processors.csrf'`` context processor is
being used. Usually, this can be done in one of two ways:
1. Use RequestContext, which always uses
``'django.template.context_processors.csrf'`` (no matter what template
context processors are configured in the :setting:`TEMPLATES` setting).
If you are using generic views or contrib apps, you are covered already,
since these apps use RequestContext throughout.
2. Manually import and use the processor to generate the CSRF token and
add it to the template context. e.g.::
from django.shortcuts import render_to_response
from django.template.context_processors import csrf
def my_view(request):
c = {}
c.update(csrf(request))
# ... view code here
return render_to_response("a_template.html", c)
You may want to write your own
:func:`~django.shortcuts.render_to_response()` wrapper that takes care
of this step for you.
3. In the corresponding view functions, ensure that
:class:`~django.template.RequestContext` is used to render the response so
that ``{% csrf_token %}`` will work properly. If you're using the
:func:`~django.shortcuts.render` function, generic views, or contrib apps,
you are covered already since these all use ``RequestContext``.
.. _csrf-ajax:

3
docs/ref/template-response.txt
View File

@@ -345,8 +345,7 @@ Using TemplateResponse and SimpleTemplateResponse
A :class:`TemplateResponse` object can be used anywhere that a normal
:class:`django.http.HttpResponse` can be used. It can also be used as an
alternative to calling :func:`~django.shortcuts.render()` or
:func:`~django.shortcuts.render_to_response()`.
alternative to calling :func:`~django.shortcuts.render()`.
For example, the following simple view returns a :class:`TemplateResponse`
with a simple template and a context containing a queryset::