From b733c91f128ec1a0ffe6b45c446c17ba8d746a83 Mon Sep 17 00:00:00 2001
From: Ben Darnell <ben@bendarnell.com>
Date: Tue, 25 Jan 2011 12:02:11 -0800
Subject: [PATCH] Update example in XSRF section.

Login forms don't actually need XSRF protection, so use a message-posting
form instead.
---
 website/templates/documentation.txt | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/website/templates/documentation.txt b/website/templates/documentation.txt
index 4ea3887d6..9f2ed37a6 100644
--- a/website/templates/documentation.txt
+++ b/website/templates/documentation.txt
@@ -438,11 +438,10 @@ correct `_xsrf` value. If you turn this setting on, you need to instrument
 all forms that submit via `POST` to contain this field. You can do this with
 the special function `xsrf_form_html()`, available in all templates:
 
-    <form action="/login" method="post">
+    <form action="/new_message" method="post">
       {{ xsrf_form_html() }}
-      <div>Username: <input type="text" name="username"/></div>
-      <div>Password: <input type="password" name="password"/></div>
-      <div><input type="submit" value="Sign in"/></div>
+      <input type="text" name="message"/>
+      <input type="submit" value="Post"/>
     </form>
 
 If you submit AJAX `POST` requests, you will also need to instrument your
-- 
2.47.2