diff --git a/rest_framework/static/rest_framework/js/csrf.js b/rest_framework/static/rest_framework/js/csrf.js
index 97c8d0124..6e4bf39a7 100644
--- a/rest_framework/static/rest_framework/js/csrf.js
+++ b/rest_framework/static/rest_framework/js/csrf.js
@@ -38,7 +38,7 @@ function sameOrigin(url) {
!(/^(\/\/|http:|https:).*/.test(url));
}
-var csrftoken = getCookie(window.drf.csrfCookieName);
+var csrftoken = window.drf.csrfToken;
$.ajaxSetup({
beforeSend: function(xhr, settings) {
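Review bot: `csrftoken` is now captured once, at script load, from the value the template rendered into `window.drf.csrfToken`, so unlike the cookie read it cannot follow a token change made after the page was served. If the server rotates the CSRF secret while the page stays open (Django does this on login), the value sent by `beforeSend` would presumably be stale until a reload. The body of `beforeSend` lies outside this hunk, so I cannot confirm how the value is used. The test added in this commit also shows the template can render `csrfToken: ""`, so it is worth checking that an empty value is not sent as a header. I would at least document the trade-off above the assignment, e.g. `// Read from the template-rendered value, not the cookie; it will not follow a token rotation until the page reloads.`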
diff --git a/rest_framework/templates/rest_framework/admin.html b/rest_framework/templates/rest_framework/admin.html
index 66d8431f1..f058b2694 100644
--- a/rest_framework/templates/rest_framework/admin.html
+++ b/rest_framework/templates/rest_framework/admin.html
@@ -247,7 +247,7 @@
diff --git a/rest_framework/templates/rest_framework/base.html b/rest_framework/templates/rest_framework/base.html
index e8a13674e..6d740f2b5 100644
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
@@ -290,7 +290,7 @@
diff --git a/tests/test_templates.py b/tests/test_templates.py
index a296395f6..19f511b96 100644
--- a/tests/test_templates.py
+++ b/tests/test_templates.py
@@ -1,7 +1,17 @@
+import re
+
from django.shortcuts import render
+def test_base_template_with_context():
+ context = {'request': True, 'csrf_token': 'TOKEN'}
+ result = render({}, 'rest_framework/base.html', context=context)
+ assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode('utf-8'))
+
+
def test_base_template_with_no_context():
# base.html should be renderable with no context,
# so it can be easily extended.
- render({}, 'rest_framework/base.html')
+ result = render({}, 'rest_framework/base.html')
+ # note that this response will not include a valid CSRF token
+ assert re.search(r'\bcsrfToken: ""', result.content.decode('utf-8'))
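Review bot: Both assertions use values with no special characters (`'TOKEN'` and the empty string), so they do not show whether the template escapes the value before placing it inside the quoted `csrfToken: "..."` JavaScript string. The `base.html` hunk is not visible here, so I cannot tell which filter, if any, is applied. Real tokens presumably come from a fixed alphanumeric alphabet, which makes this defence in depth rather than a known hole. A third case such as `context = {'request': True, 'csrf_token': 'a"b'}`, asserting that the raw `"` does not appear unescaped in the output, would pin the behaviour down.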