Russ, thank you for the quick reply, sorry I overlooked this. I guess my question would then be why the javacode snippet wasn't updated, but I imagine that there is an equally good reason for that, too (such as that peole like me who take 20 minutes to figure out what's wrong should keep away from ajax anyway ;)).
thank you Paul On Feb 24, 1:59 am, Russell Keith-Magee <russ...@keith-magee.com> wrote: > On Thu, Feb 24, 2011 at 8:44 AM, Paul <paul.koerb...@googlemail.com> wrote: > > Dear all, > > > allow me to quickly introduce myself, my name is Paul, I'm a PhD > > student from Germany and am playing around with django for mere joy > > (procrastination). > > > I have a quick question on why ticket #15352 > > (http://code.djangoproject.com/ticket/15352 > > ) was closed? > > > It just took me a fair amount of time to figure out why my ajax post > > requests weren't working and for me the javascript-snippet posted > > here: > >http://www.djangoproject.com/weblog/2011/feb/08/security/ > > doesn't work exactly because the id is missing on the csrf_token > > (ubuntu 10.10, firefox 3.6.4, jQuery 1.5). I guess an alternative > > would be to modify the javascript above so that the selector is > > $("[name=csrfmiddlewaretoken]") > > instead of > > $("#csrfmiddlewaretoken") > > > Sorry if I have missed something, I couldn't find anything on this on > > the mailing list. > > Luke gave you the reason when he closed the ticket. The reason it was > closed is because you *can't* have an ID on a CSRF token. HTML > requires that there is only one element with any given ID on a page. > However, CSRF tokens don't meet that requirement. > > You can have multiple forms on a page, and each form needs to be > submitted with the CSRF token. That means there are multiple CSRF > token elements on the page, and as a result, you can't associate a > simple ID with them. > > We *could* go to great lengths to provide some automated scheme for > allocating IDs when there are multiple CSRF tokens... or we could just > use the name of the token. We've chosen to do the latter. > > Yours, > Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
