e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
ddf169cdac
Refs #16859 -- Allowed storing CSRF tokens in sessions.
...
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
7301770254
Fixed typo in docs/ref/middleware.txt.
2016-11-06 13:22:08 +01:00
37809b891e
Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
2016-11-05 22:24:54 +01:00
61f9243e51
Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
2016-10-14 12:48:03 -04:00
ad332e5ca9
Refs #19705 -- Made GZipMiddleware make ETags weak.
...
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
ef021412d5
Normalized spelling of ETag.
2016-09-09 11:00:21 -04:00
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
...
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
9588718cd4
Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
...
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
5112e65ef2
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
...
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
54848a96dd
Removed versionadded/changed annotations for 1.8.
2015-09-23 19:31:11 -04:00
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00
7c642cafbb
Fixed typo in docs/ref/middleware.txt
2015-07-27 07:15:49 -04:00
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
8b1f39a727
Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
...
Also moved it in the project template.
2015-06-08 12:32:38 -04:00
08c980d752
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00
c79faae761
Removed versionadded/changed notes for 1.7.
2015-02-01 21:02:40 -05:00
df0523debc
Fixed #23531 -- Added CommonMiddleware.response_redirect_class.
2014-11-04 17:56:57 -05:00
d3db878e4b
Moved CSRF docs out of contrib.
2014-11-03 07:47:39 -05:00
52ef6a4726
Fixed #17101 -- Integrated django-secure and added check --deploy option
...
Thanks Carl Meyer for django-secure and for reviewing.
Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
2014-09-12 15:05:23 -04:00
0b5bafe993
Removed reference to old middleware
2014-06-30 20:36:18 +02:00
df09d85482
Fixed #17552 -- Removed a hack for IE6 and earlier.
...
It prevented the GZipMiddleware from compressing some data types even on
more recent version of IE where the corresponding bug was fixed.
Thanks Aaron Cannon for the report and Tim Graham for the review.
2014-06-10 08:42:31 +02:00
756c390fb5
Fixed #20816 -- Added hints about Django middleware ordering
...
Thanks gthb Trac user for the report, kolypto StackOverflow
user for the initial list and Tim Graham for the review.
2014-05-22 18:33:10 +02:00
465980d070
Added RemoteUserMiddleware to middleware reference page.
2014-04-16 07:22:15 -04:00
fd23c06023
Fixed #21649 -- Added optional invalidation of sessions when user password changes.
...
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-04-05 12:50:51 -04:00
51c8045145
Removed versionadded/changed annotations for 1.6.
2014-03-24 11:42:56 -04:00
907ac64641
Fixed typos in docs (django.contrib.site)
2014-03-21 19:56:31 +01:00
2b6436e2d5
Fixed some typos and formatting issues in docs.
2014-03-03 08:37:17 -05:00
b22d6c47a7
Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each request.
...
Thanks jordan at aace.org for the suggestion.
2014-02-06 04:45:49 -05:00
7a97df190c
Fixed #19277 -- Added LocaleMiddleware.response_redirect_class
...
Thanks ppetrid at yawd.eu for the suggestion.
2013-10-03 16:15:29 -04:00
da843e7dba
Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
...
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.
2013-09-11 08:17:15 -04:00
dab52d99fc
Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.
...
Thanks simonb for the report.
2013-07-25 07:38:14 -04:00
660762681c
Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middleware
2013-05-19 13:18:35 +02:00
78c842a323
Adapted uses of versionchanged/versionadded to the new form.
...
Refs #20104 .
2013-04-20 17:18:35 +02:00
ac37ed21b3
Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
...
Replaced them with per-database options, for proper multi-db support.
Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
50a985b09b
Fixed #19099 -- Split broken link emails out of common middleware.
2013-01-15 17:41:45 +01:00
9b5f64cc6e
Fixed #19516 - Fixed remaining broken links.
...
Added -n to sphinx builds to catch issues going forward.
2013-01-02 18:32:57 -05:00
7ee7599ab3
Removed versionadded/changed annotations dating back to 1.4.
2012-12-29 21:59:08 +01:00
11ded967c4
Fixed #19498 -- refactored auth documentation
...
The auth doc was a single page which had grown unwieldy.
This refactor split and grouped the content into sub-topics.
Additional corrections and cleanups were made along the way.
2012-12-28 11:06:12 -08:00
3e0857041b
Fixed #18473 - Fixed a suggestion that GZipMiddleware needs to be first in the list of middleware.
2012-10-17 15:46:59 -04:00
2d1214d92a
Fixed #14165 - Documented that TransactionMiddleware only applies to the default database.
2012-10-11 17:47:37 -04:00
07d70e9b26
Fixed #18656 -- Fixed LocaleMiddleware link; thanks mitar for the report.
2012-07-28 13:31:41 -04:00
c28e700c7e
Removed references to changes made in 1.2.
...
Thanks Florian Apolloner for the patch.
2012-06-07 15:02:35 +02:00
6ecadcbdd2
Made a bunch more edits up until [17418]
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17428 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-03 20:45:45 +00:00
Tim Graham
Raphael Michel
Adam Malinowski
Kevin Christopher Henry
Denis Cornehl
Ed Morley
Claude Paroz
Shai Berger
Florian Apolloner
rowanv
jorgecarleitao
Jan Pazdziora
Marissa Zhou
Dave Hodder
Berker Peksag
Thomas Chaumeny
Aymeric Augustin
Thomas Schreiber
Rodolfo Carvalho
Christopher Medrela
Emil Stenström
Brenton Cleeland
Łukasz Langa
Juan Catalano
Preston Holmes
Adrian Holovaty