Commit Graph

23 Commits

Author SHA1 Message Date
Flávio Juvenal 0af14b2eaa Refs #16870 -- Doc'd that CSRF protection requires the Referer header. 2017-06-22 11:50:00 -04:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Shivang Bharadwaj 6a74950513 Fixed #27258 -- Prohibited django.Template.render() with non-dict context.
Thanks Shivang Bharadwaj for the initial patch.
2016-12-28 16:03:20 -05:00
Vaclav Ehrlich 369fa471f4 Fixed #26201 -- Documented the consequences of rotating the CSRF token on login. 2016-04-05 11:02:38 -04:00
Tim Graham acd3606049 Removed blank line to appease isort. 2015-11-17 19:01:06 -05:00
Raphael Michel 16945f0e9c Fixed #25695 -- Added template_name parameter to csrf_failure() view. 2015-11-17 14:28:18 -05:00
Aymeric Augustin 88a5f17d25 Fixed #24389 -- Isolated the CSRF view from the TEMPLATES setting.
Thanks uranusjr for the report and analysis.
2015-02-22 15:46:35 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Claude Paroz ffa548fb56 Updated link to CSRF docs
Refs #23866.
2014-12-25 14:01:15 +01:00
Claude Paroz 234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Bouke Haarsma 9b95fa7777 Fixed #21322 -- Error message when CSRF cookie is missing
Thanks to Henrik Levkowetz and olau for their reports and initial patches.
2013-11-03 20:05:10 +01:00
Bouke Haarsma 6107435386 Fixed #21324 -- Translate CSRF failure view
Thanks to Claude Paroz for the original patch.
2013-11-02 11:22:30 +01:00
Claude Paroz deed192dda Removed usage of mimetype kwarg of HttpResponse
Refs #16519.
2012-06-30 21:19:07 +02:00
Paul McMillan a3bb4df895 Improved CSRF error message.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-21 23:54:02 +00:00
Luke Plant 71a7466dd6 Fixed #16009 - typo in CSRF_FAILRE_TEMPLATE.
Thanks to adehnert for report and patch.

Though I flail to see what problem it was causing...

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16216 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-12 03:03:16 +00:00
Luke Plant 26cda43012 Switched to HTML5 doctype in all Django supplied templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16050 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 17:40:53 +00:00
Russell Keith-Magee a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Luke Plant e8cff0b8f3 Added explanatory note on CSRF failure page for the case of a missing Referer header.
This is intended to help power users who have disabled Referer headers, or
installed add-ons which have done so, and to help web site administrators
with debugging, since this problem will be browser specific and not a
programming error.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-03 16:28:10 +00:00
Luke Plant 6b2d6e1833 Fixed #13590 - Made CSRF failure page styling consistent with Django's default error page styling.
Thanks to alefteris for suggestion.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13300 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-22 18:42:16 +00:00
Luke Plant 53b2c3867b Fixed #12130 - documented need for csrf_protect on views that don't accept POST
Includes:

 * proper documentation for csrf_protect
 * notes in comments app.
 * specific upgrade notes for comments app

Thanks to carljm for report and debugging.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 14:40:37 +00:00
Luke Plant c5c7791e91 Improved HTML in CSRF debug template - <code> instead of <tt>
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-29 14:17:39 +00:00
Luke Plant 5df19aa99e Small improvement to CSRF failure template.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:20:03 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatibility with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00