16 Commits

Author SHA1 Message Date
Tim Graham 472917024b [1.5.x] Added a warning regarding session security and subdomains.
Backport of a3372f67cb from master
2013-10-18 09:44:34 -04:00
Carl Meyer a7e33c5bf3 [1.5.x] Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 10:39:03 -07:00
Tim Graham fbc06eef1a [1.5.X] Fixed broken links, round 3. refs #19516
Backport of b3a8c9dab8 from master
2012-12-26 19:10:50 -05:00
Florian Apolloner 77b06e4151 [1.5.X] Fixed a security issue in get_host.
Full disclosure and new release forthcoming.
2012-12-10 22:13:28 +01:00
David Fischer 58786897a1 Formatting fix for host headers section
2012-09-06 16:10:08 -04:00
David Fischer c65100248d Added CSRF with HTTPS/HSTS and forwarding note
2012-09-06 16:08:14 -04:00
David Fischer ba141e6906 Added note about Strict Transport Security (HSTS)
2012-09-06 15:13:31 -04:00
Luke Plant 0199bdc0b4 Rewrote security.txt SSL docs, noting SECURE_PROXY_SSL_HEADER.
2012-06-04 21:41:05 +01:00
Luke Plant 718f149bb2 Added more explicit warnings about unconfigured reStructured Text usage in docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17915 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-19 15:00:55 +00:00
Adrian Holovaty d3055b3382 Quick edit of docs/topics/security.txt to catch some basic formatting problems and reword an awkward section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17222 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-17 02:48:27 +00:00
Russell Keith-Magee 893cea211a Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Jannis Leidel f0280f2e94 Fixes #16482 -- Fixes typo in security docs. Thanks, charettes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16560 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-29 09:39:55 +00:00
Luke Plant 9896b0df73 Grammar fixes and content tweaks to XSS section of security docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-17 14:17:26 +00:00
Luke Plant f5c9c2246e Improved warning about file uploads in docs, and added link from security overview page
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-06 23:44:54 +00:00
Jannis Leidel 3ee076b135 Fixed #16248 -- Corrected a few typos in the security docs. Thanks, buddelkiste.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16397 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-14 10:34:52 +00:00
Luke Plant 528157ce73 Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 15:14:36 +00:00