Luke Plant
e8cff0b8f3
Added explanatory note on CSRF failure page for the case of a missing Referer header.
...
This is intended to help power users who have disabled Referer headers, or
installed add-ons which have done so, and to help web site administrators
with debugging, since this problem will be browser specific and not a
programming error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-03 16:28:10 +00:00
Luke Plant
f92a21daa7
Added proper code comments for the HTTPS CSRF protection.
...
Refs #13489 which noticed a vague comment - thanks pmclanahan
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13405 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-06-30 22:30:37 +00:00
Luke Plant
ac8b7ff021
Fixed #13716 - the CSRF get_token function stopped working for views with csrf_view_exempt
...
This was a regression caused by the the CSRF changes in 1.2.
Thanks to edevil for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13336 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-06-08 14:35:48 +00:00
Karen Tracey
8b2c1a484e
Fixed #6228 : Changed common middleware to respect request-specific urlconf. Thanks trey, skevy, and mikexstudios.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12704 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-07 20:03:04 +00:00
Adrian Holovaty
92568d31b8
Removed an 'assert False' I stupidly committed in [12165]
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12166 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 17:37:48 +00:00
Adrian Holovaty
ca6f64a43f
Fixed #6094 -- Middleware exceptions are now caught by the core handler. Thanks, isagalaev
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12165 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 17:35:01 +00:00
Adrian Holovaty
19b72077f7
Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for patch and tests, isagalaev
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12159 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 16:51:13 +00:00
Adrian Holovaty
933b9e8de7
Fixed #6991 -- Removed some redundant user.is_authenticated() calls in various places. Thanks, alexkoshelev, Liang Feng and Ivan Sagalaev
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12142 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-09 20:11:01 +00:00
Luke Plant
905dba3694
Misc clarifications in csrf middleware comments
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:31:20 +00:00
Luke Plant
d0b900e6f5
Slight change to CSRF error messages to make debugging easier.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 14:04:21 +00:00
Luke Plant
c2ffe94d9a
Removed unused import.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11664 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:49:33 +00:00
Luke Plant
7230a995ce
Moved contrib.csrf.* to core code.
...
There is stub code for backwards compatiblity with Django 1.1 imports.
The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Jacob Kaplan-Moss
d78cf61c99
BACKWARDS-INCOMPATIBLE CHANGE: Removed SetRemoteAddrFromForwardedFor middleware.
...
In a nutshell, it's been demonstrated that this middleware can never be made reliable enough for general-purpose use, and that (despite documentation to the contrary) its inclusion in Django may lead application developers to assume that the value of ``REMOTE_ADDR`` is "safe" or in some way reliable as a source of authentication. So it's gone.
See the Django 1.1 release notes for full details, as well as upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-29 05:35:51 +00:00
Malcolm Tredinnick
499a8ac331
Fixed #10630 -- Be even more conservative in GZipMiddleware for IE.
...
Patch from sebastien_noack.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-12 04:14:23 +00:00
Malcolm Tredinnick
30b568226f
Fixed #9199 -- We were erroneously only prepending "www" to the domain if we
...
also needed to append a slash (when PREPEND_WWW=True).
Based on a patch and tests from gonz. Thanks.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9184 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-07 08:22:50 +00:00
Malcolm Tredinnick
ba59295068
Fixed #9221 -- Small optimisation to caching middleware handling.
...
In the slightly unusual case that CACHE_MIDDLEWARE_SECONDS is set to 0, don't
bother storing a copy in the local cache.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-30 03:58:09 +00:00
Jacob Kaplan-Moss
40e5cde1c5
Fixed #7379 : fixed a subtle corner case involving URL encoding in `CommonMiddleware`
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 20:29:58 +00:00
Malcolm Tredinnick
1e1f7c58bc
Fixed #8381 -- Fixed a problem with appending slashes in the common middleware
...
when SCRIPT_NAME contains something other than '/'. Patch from jcassee.
Also fixed the middleware tests to work with this patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8456 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-21 01:32:18 +00:00
Gary Wilson Jr
c0d862d638
Fixed a typo and added a bit more ReST markup to cache middleware docstring.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8387 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 17:47:03 +00:00
Jacob Kaplan-Moss
7526590376
Split CacheMiddleware up into two parts -- an update-cache and a fetch-from-cache middleware. This lets you run each half of the cache middleware at the correct time to avoid bad interactions between the cache middleware and other middleware that must modify the cache key (like the locale middleware).
...
CacheMiddleware itself is still around for backwards-compatibility and as a hook point for the cache decorator, but the documentation has been updated to point people towards the two-part caching middleware.
Refs #730 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8260 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 15:07:45 +00:00
Malcolm Tredinnick
e8f18643cf
Fixed #8121 -- Don't override the Content-Language HTTP header in the locale
...
middleware if it's already been set. Thanks, jcassee.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8259 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 15:04:45 +00:00
Gary Wilson Jr
c85c8f8891
Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Malcolm Tredinnick
94beaa6ebb
Fixed #7046 -- set the response status code correctly in ConditionalGetMiddleware.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7793 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-30 07:03:58 +00:00
Adrian Holovaty
02bbd9a9b2
Fixed #7228 -- Fixed our ETag header creation to meet the HTTP spec, by quoting it. Thanks, skjohn@us.ibm.com
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-16 04:13:04 +00:00
Malcolm Tredinnick
5f477760ac
Fixed #6480 -- Added application/pdf the list of content types we don't compress when sending to Internet Explorer. Thanks, Bastien Kleineidam.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7080 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-04 01:40:53 +00:00
Malcolm Tredinnick
1f629bff99
Fixed #3228 -- Added new APPEND_SLASH handling behaviour in the common middleware. Makes customisation a bit easier. Thanks, Mihai Preda and Andy Gayton.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6852 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-02 23:25:55 +00:00
Malcolm Tredinnick
f2f6e70b08
Fixed #5813 -- Taught the CacheMiddleware to respect any max-age HTTP header
...
when setting the expiry time. Thanks, SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6736 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-29 16:57:18 +00:00
Gary Wilson Jr
5870ffd4b0
Made some stylistic changes in `GZipMiddleware` and added some notes about IE, refs #5313 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6697 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-19 03:41:46 +00:00
Malcolm Tredinnick
3ee3d6b5f3
Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary.
...
We now have automatic HEAD processing always (previously required ConditionalGetMiddleware), middleware benefits from the Location header rewrite, so they can use relative URLs as well, and responses with response codes 1xx, 204 or 304 will always have their content removed, in accordance with the HTTP spec (so it's much harder to indavertently deliver invalid responses).
Based on a patch and diagnosis from regexbot@gmail.com .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6662 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 03:55:44 +00:00
Gary Wilson Jr
5997cb8ad4
Removed unused variable.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 04:04:07 +00:00
Gary Wilson Jr
8c442f21dc
Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
Malcolm Tredinnick
5ef7c4c525
Fixed #5762 -- Quoted the portions that make up the URL when appending
...
"www." or adding a trailing slash in common middleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 08:31:05 +00:00
Malcolm Tredinnick
c4cdb214a6
Fixed #5313 -- Only avoid compressing Javascript when the user agent says it's Internet Explorer. Thanks, mgiger@earthbrowser.com.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 03:45:48 +00:00
Jacob Kaplan-Moss
5ae6fafad7
Fixed #3872 , which turns out to not have been a bug in the first place, by reverting [6364].
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6397 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 17:03:14 +00:00
Adrian Holovaty
0f4fb9755c
Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in SetRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 16:54:16 +00:00
Malcolm Tredinnick
4b610f42d3
Added a get_host() method to HttpRequest. There is still an http.get_host() version in place, so this is fully backwards compatible.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6296 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 17:46:03 +00:00
Jacob Kaplan-Moss
ca9388cdaf
Added more dict-like methods to HttpResponse as part of the response.headers -> response._headers move, and fixed a few direct uses of response.headers in Django itself. Thanks to PhiR for tracking down and slaying these bugs.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6235 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 22:33:56 +00:00
Malcolm Tredinnick
0e7299e10a
Fixed #4994 -- Send back set-cookie headers in "not modified" responses. Well spotted, colin@owlfish.com.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5878 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-12 13:10:45 +00:00
Malcolm Tredinnick
c050b6a25a
Fixed #4946 -- Added some small improvements to Gzip middleware. Thanks, colin@owlfish.com.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5875 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-12 12:29:25 +00:00
Malcolm Tredinnick
5dd9a2ab38
Fixed #4199 -- Changed date formatting in HTTP expires header to be spec
...
compliant. Thanks, Chris Bennett.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5712 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-16 03:50:22 +00:00
Malcolm Tredinnick
50a3cea8b6
Fixed #4484 -- Fixed APPEND_SLASH handling to handle an empty path value.
...
Thanks, VesselinK.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5688 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-13 14:33:46 +00:00
Malcolm Tredinnick
9b397ee50d
Changed ETag computation to first check if an ETag header already exists in the
...
response.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5483 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-17 07:21:09 +00:00
Malcolm Tredinnick
7de9f79969
Fixed #3206 -- Fixed typo in [5407]. This time with bonus testing. Thanks,
...
Manuel Saelices.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5417 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-02 07:55:41 +00:00
Malcolm Tredinnick
63a1304f54
Fixed #3206 -- Changed ETag comparison to only return 304 when the normal
...
status code would be in the range 200 - 299. This matches RFC 2616
requirements. Based on a patch from Vinay Sajip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5407 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-01 11:47:54 +00:00
Malcolm Tredinnick
439cb4047f
Fixed #4040 -- Changed uses of has_key() to "in". Slight performance
...
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:30:48 +00:00
Luke Plant
9f180a1bc5
Added client IP address to the e-mail that is sent when an internal
...
broken link is detected. This is to help with filtering out
misbehaving bots.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5043 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-20 11:24:53 +00:00
Adrian Holovaty
6481cf43f9
Fixed #3808 -- Fixed some typos in comments. Thanks, Collin Grady
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-25 18:05:01 +00:00
Jacob Kaplan-Moss
5bafb499e7
Fixed #3052 : GZIP middleware now correctly reports Content-Length. Thanks, simonbun.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4089 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-11-22 20:31:09 +00:00
Luke Plant
8b216eb865
Improved detection of whether a URL is internal or not for the purpose
...
of broken link e-mails (referred links from images.google were being
misclassified).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3870 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-26 18:49:28 +00:00
Adrian Holovaty
33a9a8f21a
Altered [3778] change to match our coding/text style (django.middleware.common)
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3834 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-25 17:25:39 +00:00