Flávio Juvenal
0af14b2eaa
Refs #16870 -- Doc'd that CSRF protection requires the Referer header.
2017-06-22 11:50:00 -04:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Shivang Bharadwaj
6a74950513
Fixed #27258 -- Prohibited django.Template.render() with non-dict context.
...
Thanks Shivang Bharadwaj for the initial patch.
2016-12-28 16:03:20 -05:00
Vaclav Ehrlich
369fa471f4
Fixed #26201 -- Documented the consequences of rotating the CSRF token on login.
2016-04-05 11:02:38 -04:00
Tim Graham
acd3606049
Removed blank line to appease isort.
2015-11-17 19:01:06 -05:00
Raphael Michel
16945f0e9c
Fixed #25695 -- Added template_name parameter to csrf_failure() view.
2015-11-17 14:28:18 -05:00
Aymeric Augustin
88a5f17d25
Fixed #24389 -- Isolated the CSRF view from the TEMPLATES setting.
...
Thanks uranusjr for the report and analysis.
2015-02-22 15:46:35 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Claude Paroz
ffa548fb56
Updated link to CSRF docs
...
Refs #23866 .
2014-12-25 14:01:15 +01:00
Claude Paroz
234a2e0b6b
Fixed #23866 -- Harmonized refs to Django documentation from code
2014-12-25 13:53:13 +01:00
Bouke Haarsma
9b95fa7777
Fixed #21322 -- Error message when CSRF cookie is missing
...
Thanks to Henrik Levkowetz and olau for their reports and initial patches.
2013-11-03 20:05:10 +01:00
Bouke Haarsma
6107435386
Fixed #21324 -- Translate CSRF failure view
...
Thanks to Claude Paroz for the original patch.
2013-11-02 11:22:30 +01:00
Claude Paroz
deed192dda
Removed usage of mimetype kwarg of HttpResponse
...
Refs #16519 .
2012-06-30 21:19:07 +02:00
Paul McMillan
a3bb4df895
Improved CSRF error message.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-21 23:54:02 +00:00
Luke Plant
71a7466dd6
Fixed #16009 - typo in CSRF_FAILRE_TEMPLATE.
...
Thanks to adehnert for report and patch.
Though I flail to see what problem it was causing...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16216 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-12 03:03:16 +00:00
Luke Plant
26cda43012
Switched to HTML5 doctype in all Django supplied templates.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16050 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 17:40:53 +00:00
Russell Keith-Magee
a904e55859
Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Luke Plant
e8cff0b8f3
Added explanatory note on CSRF failure page for the case of a missing Referer header.
...
This is intended to help power users who have disabled Referer headers, or
installed add-ons which have done so, and to help web site administrators
with debugging, since this problem will be browser specific and not a
programming error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-03 16:28:10 +00:00
Luke Plant
6b2d6e1833
Fixed #13590 - Made CSRF failure page styling consistent with Django's default error page styling.
...
Thanks to alefteris for suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13300 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-22 18:42:16 +00:00
Luke Plant
53b2c3867b
Fixed #12130 - documented need for csrf_protect on views that don't accept POST
...
Includes:
* proper documentation for csrf_protect
* notes in comments app.
* specific upgrade notes for comments app
Thanks to carljm for report and debugging.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 14:40:37 +00:00
Luke Plant
c5c7791e91
Improved HTML in CSRF debug template - <code> instead of <tt>
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-29 14:17:39 +00:00
Luke Plant
5df19aa99e
Small improvement to CSRF failure template.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:20:03 +00:00
Luke Plant
7230a995ce
Moved contrib.csrf.* to core code.
...
There is stub code for backwards compatiblity with Django 1.1 imports.
The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00