Tim Graham
63670a474c
Removed a CSRF example for jQuery < 1.5.
2014-06-18 14:58:50 -04:00
Tim Graham
0be4d64487
Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report.
2014-06-18 14:35:38 -04:00
Tim Graham
dd55132643
Removed extras/csrf_migration_helper.py
2014-06-09 11:53:09 -04:00
Roger Hu
9b729ddd8f
Fixed #22185 -- Added settings.CSRF_COOKIE_AGE
Thanks Paul McMillan for the review.
2014-03-06 08:28:43 -05:00
Ian Foote
af64f829d7
Fix typo CRSF -> CSRF
2014-01-29 16:54:02 +00:00
Alasdair Nicol
81f454a322
Update link to jQuery Cookie plugin site
2013-05-24 14:36:17 +01:00
Silvan Spross
6a479955f0
Add missing imports and models to the examples in security documentation
2013-05-19 13:29:49 +02:00
Tim Graham
93cffc3b37
Added missing markup to docs.
2013-03-22 13:50:07 -04:00
Aymeric Augustin
720888a146
Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
2013-02-07 09:48:08 +01:00
Tim Graham
ba50d3e05b
Fixed #14633 - Organized settings reference docs and added a topical index.
Thanks Gabriel Hurley for the original idea
and adamv for the draft patch.
2013-01-12 18:44:53 -05:00
Aymeric Augustin
7ee7599ab3
Removed versionadded/changed annotations dating back to 1.4.
2012-12-29 21:59:08 +01:00
Tim Graham
15202baace
Fixed #17058 - Clarified where extras/csrf_migration_helper.py is located
2012-09-29 16:41:55 -04:00
Tim Graham
e376558ed2
Fixed #16936 - Updated javascript for CSRF protection.
Thanks Idan Gazit for the patch.
2012-09-01 06:03:01 -04:00
Aymeric Augustin
c28e700c7e
Removed references to changes made in 1.2.
Thanks Florian Apolloner for the patch.
2012-06-07 15:02:35 +02:00
Aymeric Augustin
17f3e9258e
Fixed #18397 -- Avoided referencing lawrence.com.
This commit includes multiple small related changes, see the ticket
for a full discussion.
2012-06-07 11:50:20 +02:00
Carl Meyer
8cadf1d79a
Fixed #17790 - Made the Ajax CSRF jQuery example work with jQuery in compatibility mode, too. Thanks Jonathan Hayward for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 16:06:11 +00:00
Luke Plant
0447cc1231
Added versionadded info for ensure_csrf_cookie decorator
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-27 14:40:36 +00:00
Luke Plant
59b2439e7e
Fixed ReST typo in CSRF docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-27 14:40:27 +00:00
Adrian Holovaty
937213c2c3
Edited csrf.txt changes from [17299]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 20:36:54 +00:00
Aymeric Augustin
39201d8fe5
Fixed #16704 -- Documented how to insert the CSRF token outside of Django's own template engine. Thanks paulcwatts and bpeschier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 14:55:44 +00:00
Timo Graham
c29e089000
Fixed #17105 - Typos in docs/ref/contrib/csrf.txt; thanks googol for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17109 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-19 10:53:26 +00:00
Luke Plant
d1e5c55258
Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Ramiro Morales
932b1b8d6d
Converted links to external topics so they use intersphinx extension markup.
This allows making these links more resilient to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.
Fixes #16586 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Jannis Leidel
566b3295fa
Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Timo Graham
f3bf62230a
Fixed #16606 - Typo in docs/ref/contrib/csrf.txt; thanks selwin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:25:57 +00:00
Brian Rosner
99cd76e273
Added a note about the AJAX CSRF example not working on jQuery 1.5
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-14 18:36:05 +00:00
Carl Meyer
0e03a504bf
Refs #15855 -- Recommended the csrf_protect decorator rather than vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 16:18:40 +00:00
Luke Plant
528157ce73
Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 15:14:36 +00:00
Ramiro Morales
50ad59527c
Tweaked some `render_to_response` links in the documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16255 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 18:36:01 +00:00
Simon Meers
5ecb88c146
Fixed #16014 -- numerous documentation typos -- thanks psmith.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-13 04:33:42 +00:00
Luke Plant
396bc58889
Updated AJAX example code in CSRF docs to be consistent regarding what are safe HTTP methods
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:46:02 +00:00
Luke Plant
cb060f0f34
Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21
This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant
8cbcf1d3a6
Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
a75120927e
Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:10 +00:00
Luke Plant
d3641d889b
Clarified wording about use of 2 decorators in CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:02 +00:00
Luke Plant
bf7af2be15
Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
b6c5f8060d
Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Luke Plant
e9342e9b32
Fixed #15469 - CSRF token is inserted on GET requests
Thanks to goran for report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:57 +00:00
Luke Plant
7c648ea4aa
Mentioned simplification of AJAX example code in CSRF docs.
Refs #15469 . Thanks to aaugustin for the suggestion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:49 +00:00
Luke Plant
5df93d529d
Documented the edge case of needing a view that is partly CSRF protected
Refs #15518 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:52 +00:00
Luke Plant
b5da093fa9
In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:45 +00:00
Luke Plant
eadcbcb131
Fixed #15518 - documented requires_csrf_token
Thanks to vzima for a report that raised the issue.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:36 +00:00
Luke Plant
1d350a6c51
Changed an example in CSRF docs to use new 'render' shortcut
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:28 +00:00
Luke Plant
ae1866ddef
Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 15:40:01 +00:00
Luke Plant
96520e87bd
Corrected factual error regarding logging in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 11:39:10 +00:00
Luke Plant
8823021625
Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:26 +00:00
Luke Plant
37343bac8a
Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:27:58 +00:00
Luke Plant
d068a04244
Fixed #15284 - improved example jQuery code for adding X-CSRF-Token
Using the ajaxSend event is better than beforeSend, because the beforeSend
callback can have only one value, which makes it painful if it is needed by
multiple bits of javascript.
Thanks to LukeMaurer for report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15515 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 23:37:35 +00:00
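The commits above (#15284's ajaxSend rationale, #15258 and the safe-method clean-up, and #22859's crossDomain check) describe the decision logic behind the CSRF docs' jQuery snippet without showing it. The block below is an added example written for this page, not Django's documented snippet and not code from any of these commits: it restates that logic as plain functions so it runs without jQuery or a browser. The function names, the `attachCsrf` helper, the page origin and the cookie string are assumptions made for illustration; the header name `X-CSRFToken` and the four unchecked methods are what Django's middleware actually uses.

```javascript
// Added example (not Django's own code): the CSRF decisions a jQuery ajaxSend
// hook makes, as standalone functions. PAGE and COOKIES are constructed inputs.

// Parse a document.cookie-style string and return the named cookie's value.
function getCookie(cookieString, name) {
  if (!cookieString) return null;
  for (const part of cookieString.split(';')) {
    const cookie = part.trim();
    if (cookie.startsWith(name + '=')) {
      return decodeURIComponent(cookie.slice(name.length + 1));
    }
  }
  return null;
}

// Methods Django's CSRF middleware does not check. PUT and DELETE are
// deliberately absent: since #15258 they are protected like POST.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/.test(method.toUpperCase());
}

// Same-origin test standing in for jQuery's crossDomain detection (assumption:
// compare scheme, host and port; a relative URL resolves against the page).
function sameOrigin(requestUrl, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin);
  return target.origin === new URL(pageOrigin).origin;
}

// Headers to add to a request: the token goes only on unsafe, same-origin
// requests, so it is never sent to a third-party host.
function csrfHeaders(method, requestUrl, pageOrigin, cookieString, cookieName = 'csrftoken') {
  const headers = {};
  if (csrfSafeMethod(method) || !sameOrigin(requestUrl, pageOrigin)) return headers;
  const token = getCookie(cookieString, cookieName);
  if (token !== null) headers['X-CSRFToken'] = token;
  return headers;
}

// Constructed sample inputs (not real values).
const PAGE = 'https://app.example.com/dashboard/';
const COOKIES = 'sessionid=abc123; csrftoken=Q7x9ZpLm2vTk8wR4; theme=dark';

// Where the jQuery version would be registered with
// $(document).ajaxSend(function (event, xhr, settings) { ... }), which any
// number of scripts can do, unlike the single beforeSend callback.
function attachCsrf(xhrLike, method, url) {
  const headers = csrfHeaders(method, url, PAGE, COOKIES);
  for (const [name, value] of Object.entries(headers)) {
    xhrLike.setRequestHeader(name, value);
  }
  return headers;
}

// Stand-alone demonstration with a minimal XHR-like object.
const sent = {};
attachCsrf({ setRequestHeader: (k, v) => { sent[k] = v; } }, 'POST', '/api/items/');
console.log(sent); // { 'X-CSRFToken': 'Q7x9ZpLm2vTk8wR4' }
```

The cross-origin branch is the one worth keeping in mind: an absolute URL on another host (or the same host over a different scheme or port) gets no token, which is the point of the crossDomain check in #22859.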
Alex Gaynor
208630aa4b
Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:06:27 +00:00
Timo Graham
2ea93f9327
Fixed #14000 - remove versionadded/changed tags for Django 1.0 and 1.1
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-26 00:37:14 +00:00