4a58dfd9db
Refs #30509 -- Adjusted internal FileResponse variable name.
...
Follow up to dc724c5bf9
2021-10-15 07:29:55 +02:00
dc724c5bf9
Fixed #30509 -- Made FileResponse better handle buffers and non-zero file offsets.
2021-10-14 15:05:04 +02:00
bc4c7e5d68
Optimized handling case-insensitive mappings.
...
Elements yielded by _destruct_iterable_mapping_values are always
unpacked. Since unpacking can be done with any iterable, there is no
need to convert elements to tuples. Also, such elements can be used
directly in for loops, creating a dictionary of them is excessive.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2021-09-22 09:26:21 +02:00
f03ba0ad52
Simplified serializing HTTP response headers.
...
Since ResponseHeaders was introduced, header names and values are stored
as strings. There is no need to check whether they are bytes.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2021-08-02 09:24:48 +02:00
bbb3965826
Refs #24121 -- Added __repr__() to StreamingHttpResponse and subclasses.
2021-06-22 21:28:48 +02:00
d06c5b3581
Fixed #32366 -- Updated datetime module usage to recommended approach.
...
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12 11:08:41 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
8bcb00858e
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
2021-04-30 08:05:42 +02:00
2161db0792
Fixed capitalization of "ECMAScript" and "JavaScript".
2021-04-29 20:29:08 +02:00
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
ec0ff40631
Fixed #32355 -- Dropped support for Python 3.6 and 3.7
2021-02-10 10:20:54 +01:00
3c004075b1
Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping.
2021-01-28 10:10:08 +01:00
d08977a0f0
Refs #30997 -- Removed HttpRequest.is_ajax() per deprecation timeline.
2021-01-14 17:50:04 +01:00
2c5d6dc447
Fixed grammar in HttpResponse docstring.
2020-12-08 12:18:42 +01:00
1fd9b44a6b
Refs #32074 -- Fixed handling memoryview content by HttpResponse on Python 3.10+.
...
An iterator was added to memoryview in Python 3.10,
see https://bugs.python.org/issue41732
Refs #30294
2020-11-10 09:56:15 +01:00
dcb69043d0
Fixed #32002 -- Added headers parameter to HttpResponse and subclasses.
2020-10-07 09:19:57 +02:00
11c4a4412b
Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
...
This patch allows upload handlers to handle interrupted uploads.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
83dea65ed6
Refs #21231 -- Corrected parse_qsl() fallback.
...
An oversight in fd209f62f1
2020-09-07 06:25:56 +02:00
d2d08c8cf6
Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an integer.
2020-09-05 10:07:23 +02:00
fd209f62f1
Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8.
2020-09-03 14:24:42 +02:00
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
36db4dd937
Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.
2020-06-11 08:46:59 +02:00
7fc317ae73
Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2.
2020-06-03 08:47:19 +02:00
0668164b4a
Fixed E128, E741 flake8 warnings.
2020-05-12 08:52:23 +02:00
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
e65fea9292
Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.
2020-02-28 14:43:16 +01:00
41a3b3d186
Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used.
...
Thanks to Oskar Persson for the report.
2020-02-11 20:39:12 +01:00
549445519c
Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object."
...
This reverts commit cce47ff65a
2020-02-11 20:39:12 +01:00
e348ab0d43
Fixed #30997 -- Deprecated HttpRequest.is_ajax().
2020-01-27 08:54:32 +01:00
d66d72f956
Refs #30997 -- Added HttpRequest.accepts().
2020-01-24 14:24:59 +01:00
e42b68debf
Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with reverse_lazy() locations.
2019-12-27 09:19:56 +01:00
b33bfc3839
Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
...
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
adb9661789
Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True.
2019-12-05 09:44:45 +01:00
e3d0b4d550
Fixed #30899 -- Lazily compiled import time regular expressions.
2019-10-29 09:22:26 +01:00
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
cce47ff65a
Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object.
2019-06-20 11:48:49 +02:00
415e899dc4
Refs #30451 -- Added HttpRequest._set_content_type_params() hook.
2019-06-15 10:29:02 -07:00
de4832c49b
Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename is available.
2019-05-17 12:07:27 +02:00
a3a4f5c144
Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores.
2019-05-09 16:26:52 +02:00
b915b9f10f
Refs #27753 -- Deprecated django.utils.text.unescape_entities().
...
The function was undocumented and only required for compatibility with
Python 2.
Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
8b3f1c35dd
Removed unnecessary assignments in various code.
2019-04-24 13:09:29 +02:00
9aa56cb0d5
Fixed #30294 -- Allowed HttpResponse to accept memoryview content.
2019-03-29 09:43:49 -04:00
8ec7ded370
Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request.
2019-03-02 09:19:05 -05:00
2ed2acf872
Fixed #30227 -- Fixed crash on request without boundary in Content-Type.
2019-03-02 09:19:05 -05:00
5013d38380
Optimized iterator exhaustion using collections.deque().
2019-02-14 18:21:57 -05:00
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
7c66aaa2b6
Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline.
2019-01-17 10:52:16 -05:00
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
Carlton Gibson
Piotr Kunicki
Illia Volochii
Nicolas Restrepo
Nick Pope
Florian Apolloner
Hasan Ramezani
Mariusz Felisiak
ᴙɘɘᴙgYmɘᴙɘj
Tom Carrick
aryan
Tim Graham
Nick Pope
Michael Brown
Jon Dufresne
007
Claude Paroz
Osaetin Daniel
Gordon Pendleton
Carlton Gibson
Chris Jerdonek
ShingenPizza
Troon
sage
Aymeric Augustin