Very good article. Using AJAX with Django always feels a bit unnatural, as there's no standard way to do it and everyone has its own way of dealing with it, so it's interesting to see how others do it (in particular utility functions). I think there are also django packages that provide an AJAXy layer (but never used it).<p>It's already hinted at in the blog post, but for writing clean apps using AJAX a lot, django-tastypie and backbone.js really do work well together (I've just started using them in combination in my latest toy project).
That bit of CSRF javascript does not "ignore" CSRF checking, and is not unsafe. The only difference is that it sets the CSRF token value as a request header rather than a POST value. The browser still needs to have that CSRF cookie value.<p>Edit: Code backing from middleware/csrf.py:<p>request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
if request_csrf_token == "":
# Fall back to X-CSRFToken, to make things easier for AJAX
request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '')