innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
30,062 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

21 Commits

Author SHA1 Message Date
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
bankc db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header. 
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
 2021-03-30 19:59:24 +02:00
Mariusz Felisiak 0aa6a602b2 Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. 
Per deprecation timeline.
 2021-01-14 17:50:04 +01:00
Hasan Ramezani ba3fb2e4d0
Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code. 2021-01-12 11:22:13 +01:00
Hasan Ramezani 64331419c8
Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting. 2021-01-12 09:44:36 +01:00
Artem Kosenko b7f500396e Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys. 
Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
 2020-11-11 12:45:34 +01:00
Mariusz Felisiak d907371ef9 Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. 
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
 2020-08-04 09:35:24 +02:00
Florian Apolloner 948a874425
Fixed #29324 -- Made SECRET_KEY validation lazy (on first access). 2020-07-29 09:06:54 +02:00
Nick Pope 406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header. 
Thanks to James Bennett for the initial implementation.
 2019-09-09 13:35:41 +02:00
Claude Paroz 05d0eca635 Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. 2019-09-09 08:15:26 +02:00
Adnan Umer c5075360c5 Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting. 2019-08-05 18:44:08 +02:00
Artur Juraszek 817c6cdf0e Capitalized SecurityMiddleware headers for consistency with other headers. 
(No behavior change since HTTP headers are case insensitive.)
 2018-10-30 18:30:51 -04:00
Tim Graham d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Tim Graham c27104a9c7 Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security. 2016-12-19 17:56:58 -05:00
Raphael Michel 33e86b3488 Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS. 2016-12-17 09:59:48 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Ed Morley 7399fee6c3 Refs #26947 -- Added a deployment system check for SECURE_HSTS_PRELOAD. 2016-08-10 20:31:01 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005. 
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
 2016-05-17 07:22:22 -04:00
rroskam ed514caed2 Fixed #24966 -- Added deployment system check for empty ALLOWED_HOSTS. 2015-07-15 09:18:58 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham 52ef6a4726 Fixed #17101 -- Integrated django-secure and added check --deploy option 
Thanks Carl Meyer for django-secure and for reviewing.

Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
 2014-09-12 15:05:23 -04:00