#37032: Documentation for django.template.context_processors.csrf is incorrect or inaccurate
-------------------------------------+-------------------------------------
     Reporter:  Christian Finnberg   |                     Type:  Uncategorized
       Status:  new                  |                Component:  Documentation
      Version:  dev                  |                 Severity:  Normal
     Keywords:  csrf, context        |             Triage Stage:  Unreviewed
                processor            |
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Documentation for django.template.context_processors.csrf in
https://docs.djangoproject.com/en/dev/ref/templates/api/#django-template-context-processors-csrf
is not accurate. It says:

    This processor adds a token that is needed by the csrf_token template
    tag for protection against Cross Site Request Forgeries.

But the `csrf_token` template tag is independent of this context
processor. This context processor adds a `csrf_token` variable that can be
used for protection against CSRF, but it seems that this is like a
"legacy" method. The recommended way, or at least the way Django is
configured by default, is to enable the
django.middleware.csrf.CsrfViewMiddleware middleware, which adds the
`csrf_token` template tag and works independently of this context
processor.

So a different definition may be better. Something like:

    If this processor is enabled, every **RequestContext** will contain a
    variable **csrf_token** with a CSRF token, or the string 'NOTPROVIDED' if
    it has not been provided by either a view decorator or the middleware.

Notice that the `csrf_token` template tag (not this context processor) is
the preferred way to add the CSRF token to the forms.
In any case I think this component's text must be corrected somehow.
--
Ticket URL: <https://code.djangoproject.com/ticket/37032>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.