Mariusz Felisiak
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
Michael Brown
36db4dd937
Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.
2020-06-11 08:46:59 +02:00
Mariusz Felisiak
7fc317ae73
Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2.
2020-06-03 08:47:19 +02:00
Mariusz Felisiak
0668164b4a
Fixed E128, E741 flake8 warnings.
2020-05-12 08:52:23 +02:00
Jon Dufresne
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
007
e65fea9292
Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.
2020-02-28 14:43:16 +01:00
Florian Apolloner
41a3b3d186
Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used.
...
Thanks to Oskar Persson for the report.
2020-02-11 20:39:12 +01:00
Florian Apolloner
549445519c
Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object."
...
This reverts commit cce47ff65a
.
2020-02-11 20:39:12 +01:00
Claude Paroz
e348ab0d43
Fixed #30997 -- Deprecated HttpRequest.is_ajax().
2020-01-27 08:54:32 +01:00
Claude Paroz
d66d72f956
Refs #30997 -- Added HttpRequest.accepts().
2020-01-24 14:24:59 +01:00
Jon Dufresne
e42b68debf
Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with reverse_lazy() locations.
2019-12-27 09:19:56 +01:00
Osaetin Daniel
b33bfc3839
Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
...
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
Gordon Pendleton
adb9661789
Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True.
2019-12-05 09:44:45 +01:00
Hasan Ramezani
e3d0b4d550
Fixed #30899 -- Lazily compiled import time regular expressions.
2019-10-29 09:22:26 +01:00
Carlton Gibson
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Chris Jerdonek
cce47ff65a
Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object.
2019-06-20 11:48:49 +02:00
Mariusz Felisiak
415e899dc4
Refs #30451 -- Added HttpRequest._set_content_type_params() hook.
2019-06-15 10:29:02 -07:00
ShingenPizza
de4832c49b
Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename is available.
2019-05-17 12:07:27 +02:00
Troon
a3a4f5c144
Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores.
2019-05-09 16:26:52 +02:00
Jon Dufresne
b915b9f10f
Refs #27753 -- Deprecated django.utils.text.unescape_entities().
...
The function was undocumented and only required for compatibility with
Python 2.
Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Jon Dufresne
8b3f1c35dd
Removed unnecessary assignments in various code.
2019-04-24 13:09:29 +02:00
sage
9aa56cb0d5
Fixed #30294 -- Allowed HttpResponse to accept memoryview content.
2019-03-29 09:43:49 -04:00
Tim Graham
8ec7ded370
Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request.
2019-03-02 09:19:05 -05:00
Tim Graham
2ed2acf872
Fixed #30227 -- Fixed crash on request without boundary in Content-Type.
2019-03-02 09:19:05 -05:00
Nick Pope
5013d38380
Optimized iterator exhaustion using collections.deque().
2019-02-14 18:21:57 -05:00
Aymeric Augustin
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
Jon Dufresne
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham
7c66aaa2b6
Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline.
2019-01-17 10:52:16 -05:00
Tim Graham
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
Santiago Basulto
4fc35a9c3e
Fixed #20147 -- Added HttpRequest.headers.
2019-01-16 13:38:47 -05:00
Jon Dufresne
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
Jon Dufresne
ad9a28ee38
Refs #29784 -- Normalized Python docs links to omit the version.
2018-09-25 10:19:42 +02:00
Tim Graham
d8e2be459f
Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.
...
Regression in 7d96f0c49a
.
2018-08-02 21:56:26 -04:00
François Freitag
93e721a0b8
Fixed django/http/request.py docstring typo.
2018-07-16 10:48:20 +02:00
Sergey Fedoseev
bcdd9149d4
Simplified HttpRequest.__iter__().
2018-07-10 09:13:36 -04:00
Josh Schneier
98e8c0293b
Removed unused HttpRequest._post_parse_error attribute.
...
Unused since 8f8c54f70b
.
2018-06-07 18:51:33 -04:00
Claude Paroz
a177f854c3
Fixed #16470 -- Allowed FileResponse to auto-set some Content headers.
...
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
2018-05-15 18:12:11 +02:00
Alex Gaynor
9a56b4b13e
Fixed #27863 -- Added support for the SameSite cookie flag.
...
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham
7d96f0c49a
Refs #27795 -- Replaced force_bytes() usage in django.http.
2018-02-07 14:28:15 -05:00
George-Cristian Bîrzan
5bf62825b5
Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri().
2018-01-10 14:05:10 -05:00
Alvin Lindstam
47a99d7012
Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use __Secure/Host prefixes.
2018-01-08 12:32:47 -05:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Alexey
0afffae4ec
Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.
2018-01-02 11:22:59 -05:00
Дилян Палаузов
4c599ece57
Fixed #28930 -- Simplified code with any() and all().
2017-12-26 17:11:15 -05:00
Дилян Палаузов
23bf4ad87f
Fixed #28795 -- Removed 'not in' checks and used dict.setdefault().
2017-11-14 10:52:52 -05:00
Jonas Haag
a2851f204c
Fixed #28720 -- Added HttpRequest.get_full_path_info().
2017-11-07 15:58:05 -05:00
Дилян Палаузов
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
Tim Graham
cfff2af02b
Fixed #27857 -- Dropped support for Python 3.4.
2017-09-25 17:11:03 -04:00
Mariusz Felisiak
3f9d85d95c
Removed unused eof argument to BoundaryIter._find_boundary().
...
Unused since its introduction in d725cc9734
.
2017-09-22 10:47:14 -04:00
Tim Graham
6e4c6281db
Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
...
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00