From: Ben Darnell <ben@bendarnell.com>
Date: Tue, 25 Jan 2011 20:02:11 +0000 (-0800)
Subject: Update example in XSRF section.
X-Git-Tag: v1.2.0~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b733c91f128ec1a0ffe6b45c446c17ba8d746a83;p=thirdparty%2Ftornado.git

Update example in XSRF section.

Login forms don't actually need XSRF protection, so use a message-posting
form instead.
---

diff --git a/website/templates/documentation.txt b/website/templates/documentation.txt
index 4ea3887d6..9f2ed37a6 100644
--- a/website/templates/documentation.txt
+++ b/website/templates/documentation.txt
@@ -438,11 +438,10 @@ correct `_xsrf` value. If you turn this setting on, you need to instrument
 all forms that submit via `POST` to contain this field. You can do this with
 the special function `xsrf_form_html()`, available in all templates:
 
-    <form action="/login" method="post">
+    <form action="/new_message" method="post">
       {{ xsrf_form_html() }}
-      <div>Username: <input type="text" name="username"/></div>
-      <div>Password: <input type="password" name="password"/></div>
-      <div><input type="submit" value="Sign in"/></div>
+      <input type="text" name="message"/>
+      <input type="submit" value="Post"/>
     </form>
 
 If you submit AJAX `POST` requests, you will also need to instrument your