Added info to release notes about CSRF improvements

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Luke Plant 2011-05-31 21:29:35 +00:00
parent 1cfb00dc41
commit 1a951fa8d4
1 changed files with 10 additions and 0 deletions

@ -78,6 +78,16 @@ A new helper function,
``template.Library`` to ease the creation of template tags that store some ``template.Library`` to ease the creation of template tags that store some
data in a specified context variable. data in a specified context variable.
CSRF improvements
~~~~~~~~~~~~~~~~~
We've made various improvements to our CSRF features, including the
:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can
help with AJAX heavy sites, protection for PUT and DELETE, and settings
:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve
the security and usefulness of the CSRF protection. See the :doc:`CSRF docs
</ref/contrib/csrf>` for more information.
.. _backwards-incompatible-changes-1.4: .. _backwards-incompatible-changes-1.4:
Backwards incompatible changes in 1.4 Backwards incompatible changes in 1.4
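
Review bot: In the added "CSRF improvements" paragraph, "protection for PUT and DELETE" is a behaviour change, yet it is listed alongside the opt-in decorator and settings with nothing saying whether existing clients that send PUT or DELETE without a token are affected. Since the "Backwards incompatible changes in 1.4" section follows directly, either add an entry there or say in this paragraph what happens to such requests after upgrading. The phrase "improve the security and usefulness" also does not tell the reader which of :setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` does what; one clause per setting would fix that. Minor: "AJAX heavy sites" should be hyphenated as "AJAX-heavy sites".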