p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
31,138 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

97 Commits

Author SHA1 Message Date
Carlton Gibson ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
tommcn 8e63390640 Corrected CSRF reference in middleware docs. 2022-03-17 06:03:10 +01:00
Mariusz Felisiak 97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
David Smith 1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Nick Pope c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
bankc db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header. 
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
 2021-03-30 19:59:24 +02:00
Carlton Gibson ad11f5b8c9 Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. 2020-10-22 14:15:19 +02:00
Mariusz Felisiak 4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Min ho Kim 103a6f4307 Fixed some typos in comments and docs. 
Thanks to Mads Jenson for review.
 2019-10-02 15:50:46 +02:00
Mar Sánchez f1d4a540b2 Refs #15396 -- Mentioned full path to GZipMiddleware in documentation. 2019-10-02 14:39:01 +02:00
Carlton Gibson 9446950470 Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware. 2019-10-02 13:11:03 +02:00
Nick Pope 406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header. 
Thanks to James Bennett for the initial implementation.
 2019-09-09 13:35:41 +02:00
Nick Pope fc62e16291 Standardized links for headers in security middleware documentation. 2019-09-09 13:35:17 +02:00
Mariusz Felisiak 5ab75adb90 Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0. 2019-06-03 14:08:51 +02:00
Carlton Gibson bae66e759f Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. 2019-01-30 11:02:26 -05:00
Daniel Musketa ca2856fb62 Fixed typo in docs/ref/middleware.txt. 2018-11-14 09:47:22 -05:00
Daniel Hepper a6fb5b1fe0 Remove documenation for non-existent middleware (#9998) 
The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb8. It was removed in 7d1b69dbe7, but the documentation remained.
 2018-05-27 16:08:50 +02:00
Mariusz Felisiak 7c81b28ebc
Updated various links in docs to use HTTPS. 2018-01-07 14:28:41 +01:00
Tim Graham bc95314ca6 Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length. 2017-11-14 12:01:24 -05:00
Tim Graham 8f8a4d10d3 Refs #26447 -- Removed outdated ETag comment in CommonMiddleware. 
Follow up to 48d57788ee.
 2017-11-11 20:45:17 -05:00
Tim Graham 5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham 48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Claude Paroz 01f658644a Updated various links in docs to avoid redirects 
Thanks Tim Graham and Mariusz Felisiak for review and completion.
 2017-05-22 19:28:44 +02:00
Tim Graham e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Raphael Michel ddf169cdac Refs #16859 -- Allowed storing CSRF tokens in sessions. 
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
 2016-11-30 08:57:27 -05:00
Tim Graham 7301770254 Fixed typo in docs/ref/middleware.txt. 2016-11-06 13:22:08 +01:00
Adam Malinowski 37809b891e Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware. 2016-11-05 22:24:54 +01:00
Tim Graham 61f9243e51 Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. 2016-10-14 12:48:03 -04:00
Kevin Christopher Henry ad332e5ca9 Refs #19705 -- Made GZipMiddleware make ETags weak. 
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
 2016-10-13 14:22:54 -04:00
Denis Cornehl a840710e1e Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware. 2016-10-10 14:55:59 -04:00
Tim Graham ef021412d5 Normalized spelling of ETag. 2016-09-09 11:00:21 -04:00
Ed Morley 3c2447dd13 Fixed #26947 -- Added an option to enable the HSTS header preload directive. 2016-08-10 20:23:54 -04:00
Ed Morley 8c3bc5cd78 Fixed docs to refer to HSTS includeSubdomains as a directive. 
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
 2016-08-08 20:20:49 -04:00
Claude Paroz 9588718cd4 Fixed #5897 -- Added the Content-Length response header in CommonMiddleware 
Thanks Tim Graham for the review.
 2016-06-27 10:44:57 +02:00
Tim Graham 46a38307c2 Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
 2016-05-19 05:02:19 +03:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005. 
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
 2016-05-17 07:22:22 -04:00
rowanv a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Tim Graham 54848a96dd Removed versionadded/changed annotations for 1.8. 2015-09-23 19:31:11 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Claude Paroz 64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
jorgecarleitao 7c642cafbb Fixed typo in docs/ref/middleware.txt 2015-07-27 07:15:49 -04:00
Jan Pazdziora a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Marissa Zhou 8b1f39a727 Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES. 
Also moved it in the project template.
 2015-06-08 12:32:38 -04:00
Dave Hodder 08c980d752 Updated capitalization in the word "JavaScript" for consistency 2015-05-01 13:26:42 -04:00
Tim Graham c79faae761 Removed versionadded/changed notes for 1.7. 2015-02-01 21:02:40 -05:00
Berker Peksag df0523debc Fixed #23531 -- Added CommonMiddleware.response_redirect_class. 2014-11-04 17:56:57 -05:00
Thomas Chaumeny d3db878e4b Moved CSRF docs out of contrib. 2014-11-03 07:47:39 -05:00
Tim Graham 52ef6a4726 Fixed #17101 -- Integrated django-secure and added check --deploy option 
Thanks Carl Meyer for django-secure and for reviewing.

Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
 2014-09-12 15:05:23 -04:00