Commit Graph

343 Commits

Author SHA1 Message Date
Chris Jerdonek 5d80843ebc Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.
This also adds CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instance of the same project to Django 4.1+.

Thanks Florian Apolloner and Shai Berger for reviews.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-29 10:47:39 +01:00
jhisham 5e218cc0b7 Added Malay language. 2021-11-18 20:57:50 +01:00
Carlton Gibson 306607d5b9 Fixed #32365 -- Made zoneinfo the default timezone implementation.
Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick
Pope, and Paul Ganssle for reviews.
2021-09-16 12:11:05 +02:00
Claude Paroz 676bd084f2 Fixed #32873 -- Deprecated settings.USE_L10N.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-14 12:05:43 +02:00
David Smith 1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
ryowright 1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
bankc db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Mariusz Felisiak 0aa6a602b2 Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak 12ac4916af Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation timeline. 2021-01-14 17:50:04 +01:00
Tom Forbes b5e12d490a Fixed #31007 -- Allowed specifying type of auto-created primary keys.
This also changes the default type of auto-created primary keys
for new apps and projects to BigAutoField.
2020-12-15 11:25:46 +01:00
אורי ad827ddaef
Fixed #31871 -- Updated SESSION_COOKIE_SAMESITE comment in global_settings.py.
Follow up to b33bfc3839.
2020-08-10 08:46:34 +02:00
Mariusz Felisiak d907371ef9 Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
Kelechi Precious Nwachukwu 2cd3e7eeaf Added Igbo language. 2020-07-14 20:44:41 +02:00
Resulkary af2b3fee08 Added Turkmen language. 2020-07-08 08:43:28 +02:00
Claude Paroz db8268bce6 Added support for the Tajik language.
Thanks Sirius Sufiew for contributing that support.
2020-06-12 17:47:22 +02:00
Claude Paroz 3460ea49e8
Added Kyrgyz language.
Thanks Soyuzbek orozbek uulu for contributing that support.
2020-05-20 12:29:59 +02:00
Chris Burchhardt d2b9a9fdbb Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS docs.
Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT
docs and incorrect "minimum" phrase.
2020-05-05 08:19:25 +02:00
Adam Johnson 72b97a5b1e Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. 2020-02-05 14:39:01 +01:00
Pavel Lysak 13e4abf83e Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. 2020-01-16 15:25:49 +01:00
Claude Paroz 188b003014 Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default input formats. 2020-01-07 11:08:40 +01:00
Rabah Saadi 5b7450080f Added Algerian Arabic language. 2019-12-14 16:26:31 +01:00
Claude Paroz 6ccb1b68bc Added Uzbek language. 2019-11-04 14:50:00 +01:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Mariusz Felisiak 3d716467a9 Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. 2019-09-10 12:01:00 +02:00
Nick Pope 406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz 05d0eca635 Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. 2019-09-09 08:15:26 +02:00
Claude Paroz 0468159763 Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True. 2019-08-18 13:17:49 +02:00
Ran Benita 19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies. 2019-04-08 11:26:06 +02:00
Nick Pope 398afba084 Updated spelling and RFCs in HttpOnly cookie flag docs. 2019-03-27 10:09:23 -04:00
Himanshu Lakhara 22aab8662f Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644. 2019-02-08 14:53:15 -05:00
Tim Graham 8045dff98c Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. 2019-01-17 10:50:25 -05:00
Claude Paroz 31ebb1d564 Added Armenian language 2019-01-10 10:50:42 +01:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Jon Dufresne ad9a28ee38 Refs #29784 -- Normalized Python docs links to omit the version. 2018-09-25 10:19:42 +02:00
Tim Graham 5cc81cd9eb Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
This reverts commit b3cffde555 due to
a regression and performance concerns.
2018-05-26 21:06:58 -04:00
Jon Dufresne b3cffde555 Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set. 2018-04-17 13:02:05 -04:00
Alex Gaynor 9a56b4b13e Fixed #27863 -- Added support for the SameSite cookie flag.
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Claude Paroz d6859a1489 Added Kabyle language
Forward port of bfc3fa3d3b from stable/2.0.x
2017-12-01 21:52:06 +01:00
Tim Graham afd375fc34
Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples. 2017-11-01 10:57:59 -04:00
Duarte Fernandes 019c2600a6 Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments. 2017-10-26 21:48:31 -04:00
Tim Graham 48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Preston Timmons b52c73008a Fixed #15667 -- Added template-based widget rendering.
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
Raphael Michel ddf169cdac Refs #16859 -- Allowed storing CSRF tokens in sessions.
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Denis Cornehl a840710e1e Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware. 2016-10-10 14:55:59 -04:00
Tim Graham ef021412d5 Normalized spelling of ETag. 2016-09-09 11:00:21 -04:00