django1/django/middleware
Luke Plant cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
..
__init__.py Imported Django from private SVN repository (created from r. 8825) 2005-07-13 01:25:57 +00:00
cache.py Fixed #4992 -- Respect the GET request query string when creating cache keys. Thanks PeterKz and guettli for the initial patch. 2011-03-02 12:47:36 +00:00
common.py Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore 2011-05-05 20:49:26 +00:00
csrf.py Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests 2011-05-09 23:45:54 +00:00
doc.py Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for patch and tests, isagalaev 2010-01-10 16:51:13 +00:00
gzip.py Fixed #10630 -- Be even more conservative in GZipMiddleware for IE. 2009-04-12 04:14:23 +00:00
http.py Fixed #717 - If-Modified-Since handling should compare dates according to RFC 2616 2011-03-01 14:28:06 +00:00
locale.py Fixed #8121 -- Don't override the Content-Language HTTP header in the locale 2008-08-09 15:04:45 +00:00
transaction.py Second half of little cleanup tweaks suggested by pyflakes. 2006-07-21 20:39:17 +00:00