Andreas Hug
a656a68127
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
Tim Graham
8f8a4d10d3
Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
...
Follow up to 48d57788ee
.
2017-11-11 20:45:17 -05:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Anton Samarchyan
86de930f41
Refs #27656 -- Updated remaining docstring verbs according to PEP 257.
2017-03-04 10:02:06 -05:00
Asif Saifuddin Auvi
5f3a689f71
Imported django.http classes instead of django.http.
2017-02-27 14:47:11 -05:00
Claude Paroz
c688336ebc
Refs #23919 -- Assumed request COOKIES and META are str
2017-01-30 14:13:29 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Sven Engström
f46a838efc
Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a trailing slash.
2016-11-06 10:38:36 +01:00
Denis Cornehl
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
Kevin Christopher Henry
4ef0e019b7
Fixed #27083 -- Added support for weak ETags.
2016-09-10 08:14:52 -04:00
andrewnester
20d39325ca
Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response has Cache-Control: no-store.
2016-07-15 15:34:00 -04:00
Claude Paroz
9588718cd4
Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
...
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Tim Graham
563d534d33
Removed an unused logger in middleware/common.py
2016-06-04 12:01:44 -04:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham
2cd2d18851
Fixed W503 flake8 warnings.
2016-04-04 17:14:26 -04:00
ieatkittens
9390da7fb6
Fixed #26293 -- Fixed CommonMiddleware to process PREPEND_WWW and APPEND_SLASH independently.
2016-03-23 09:23:19 -04:00
harikrishnakanchi
74670498e9
Fixed #25971 -- Made BrokenLinkEmailsMiddleware ignore APPEND_SLASH redirects.
...
If APPEND_SLASH=True and the referer is the URL without a trailing '/', then
BrokenLinkEmailsMiddleware shouldn't send an email.
2016-03-08 09:21:42 -05:00
Liam Brenner
182f98c4c7
Fixed typo in django/middleware/common.py docstring.
2016-02-09 08:06:26 -05:00
Denis Cornehl
186b6c61bf
Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
...
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Marten Kenbeek
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
...
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Derek J. Curtis
6be9589eb3
Fixed #25900 -- Fixed regression in CommonMiddleware ETag support.
2015-12-10 13:51:07 -05:00
Aymeric Augustin
11f10b70f3
Fixed #25302 (again) -- Ignored scheme when checking for bad referers.
...
The check introduced in 4ce433e
was too strict in real life. The poorly
implemented bots this patch attempted to ignore are sloppy when it comes
to http vs. https.
2015-11-26 21:27:12 +01:00
Maxime Lorant
4ce433e811
Fixed #25302 -- Prevented BrokenLinkEmailsMiddleware from reporting 404s when Referer = URL.
2015-08-24 19:35:49 -04:00
Denis Cornehl
7a40fef17a
Fixed #24935 -- Refactored common conditional GET handling.
2015-08-15 09:08:45 -04:00
Jay Cox
434d309ef6
Fixed #24720 -- Avoided resolving URLs that don't end in a slash twice in CommonMiddleware.
...
This speeds up affected requests by about 5%.
2015-07-31 12:04:06 -04:00
sujayskumar
2e70bf3785
Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response
2015-06-27 08:46:23 -04:00
Oliver A Bristow
4cd727095d
Fixed #24681 -- Removed Unicode bug in BrokenLinkEmailMiddleware
2015-04-21 22:02:04 +02:00
Bas Peschier
9128762f16
Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set.
...
This introduces a force_append_slash argument for request.get_full_path()
which is used by RedirectFallbackMiddleware and CommonMiddleware when
handling redirects for settings.APPEND_SLASH.
2015-03-26 09:26:55 -04:00
Claude Paroz
a0c2eb46dd
Fixed #23960 -- Removed http.fix_location_header
...
Thanks Carl Meyer for the report and Tim Graham for the review.
2015-03-18 18:22:50 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Samuel Colvin
5b74134f27
Fixed #24145 -- Added PUT & PATCH to CommonMiddleware APPEND_SLASH redirect error.
2015-01-29 15:23:01 -05:00
Berker Peksag
df0523debc
Fixed #23531 -- Added CommonMiddleware.response_redirect_class.
2014-11-04 17:56:57 -05:00
Tim Graham
11e22129d5
Removed settings.SEND_BROKEN_LINK_EMAILS per deprecation timeline.
2014-03-21 07:15:58 -04:00
Claude Paroz
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Christopher Medrela
7477a4ffde
Fixed E125 pep8 warnings
2013-11-28 08:50:11 -05:00
Unai Zalakain
c7634cd7fe
Fixed #7603 -- Added a 'scheme' property to the HttpRequest object
...
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.
`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.
`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.
This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.
Thanks nslater for the suggestion.
2013-10-15 09:04:12 -04:00
Aymeric Augustin
acd7b34aaf
Advanced deprecation warnings for Django 1.7.
2013-06-29 18:49:37 +02:00
Ramiro Morales
0fa8d43e74
Replaced `and...or...` constructs with PEP 308 conditional expressions.
2013-05-26 23:47:50 -03:00
Claude Paroz
f940e564e4
Fixed #20099 -- Eased subclassing of BrokenLinkEmailsMiddleware
...
Thanks Ram Rachum for the report and the initial patch, and Simon
Charette for the review.
2013-05-25 12:10:53 +02:00
Claude Paroz
8fd44b2551
Fixed #20356 -- Prevented crash when HTTP_REFERER contains non-ascii
...
Thanks srusskih for the report and Aymeric Augustin for the review.
2013-05-18 12:39:11 +02:00
Aymeric Augustin
50a985b09b
Fixed #19099 -- Split broken link emails out of common middleware.
2013-01-15 17:41:45 +01:00
Aymeric Augustin
641acf76e7
Removed IGNORABLE_404_STARTS/ENDS settings.
2012-12-29 21:59:07 +01:00
Aymeric Augustin
973f539ab8
Fixed #15152 -- Avoided crash of CommonMiddleware on broken querystring
2012-11-03 21:28:33 +01:00
Aymeric Augustin
4b27813198
Fixed #7581 -- Added streaming responses.
...
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20 20:05:11 +02:00
Claude Paroz
26ff2be787
Imported getLogger directly from logging module
...
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Aymeric Augustin
e84f79f051
Fixed #18042 -- Advanced deprecation warnings.
...
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Jannis Leidel
746987f916
Fixed #17734 -- Made sure to only redirect translated URLs if they can actually be resolved to prevent unwanted redirects. Many thanks to Orne Brocaar and Anssi Kääriäinen for input.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17621 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 11:07:36 +00:00
Jannis Leidel
f0a1633425
Fixed #17358 -- Updated logging calls to use official syntax for arguments instead of string interpolation. Thanks, spulec.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:36 +00:00
Aymeric Augustin
e2f9c11736
Fixed #16705 - Made the test client adhere to the WSGI spec -- in particular, removed the assumption that environ['QUERY_STRING'] exists.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16933 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-06 20:39:15 +00:00