Commit Graph

448 Commits

Author SHA1 Message Date
Adam Johnson 72b97a5b1e Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. 2020-02-05 14:39:01 +01:00
Abhijeet a45c8d7ad0
Fixed #31126 -- Doc'd STATICFILES_DIRS namespacing in static files how-to. 2020-01-29 10:34:34 +01:00
Pavel Lysak 13e4abf83e Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. 2020-01-16 15:25:49 +01:00
Claude Paroz 188b003014 Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default input formats. 2020-01-07 11:08:40 +01:00
Osaetin Daniel b33bfc3839 Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
Gordon Pendleton adb9661789 Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True. 2019-12-05 09:44:45 +01:00
Aymeric Augustin c06492dd87 Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL. 2019-12-04 18:22:08 +01:00
Baptiste Mispelon ff1b19da67 Fixed #31029 -- Used more specific links to RFCs. 2019-11-27 20:54:38 +01:00
Jon Dufresne a69c4d626a Refs #25388 -- Corrected value of TEST MIGRATE setting in MIGRATION_MODULES docs. 2019-11-25 08:42:35 +01:00
Jon Dufresne f5ebdfce5c Fixed #25388 -- Added an option to allow disabling of migrations during test database creation. 2019-11-20 20:42:38 +01:00
Jon Dufresne fbbff7f808 Refs #29983 -- Added pathlib.Path support to the file email backend. 2019-11-06 09:33:07 +01:00
Jon Dufresne c8debd5061 Added a link to the file email backend from EMAIL_FILE_PATH setting. 2019-11-06 08:24:49 +01:00
René Fleschenberg d232fd76a8 Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes. 2019-10-11 15:30:33 +02:00
Oleg Kainov c574bec092 Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
Thanks Florian Apolloner for reviews.

Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
Mariusz Felisiak 28e769dfe6 Fixed typo in docs/ref/settings.txt. 2019-09-23 08:17:58 +02:00
Luke Plant 45304e444e Refs #28622 -- Clarified security implications of PASSWORD_RESET_TIMEOUT. 2019-09-20 13:53:01 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Ben Falk 4056558a1c Fixed typos in docs/ref/settings.txt. 2019-09-13 20:36:35 +02:00
Mariusz Felisiak 3d716467a9 Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 416c584cab Removed versionadded/changed annotations for 2.2. 2019-09-10 12:01:00 +02:00
Nick Pope 406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz 05d0eca635 Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. 2019-09-09 08:15:26 +02:00
Tobias Kunze 4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
Claude Paroz 0468159763 Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True. 2019-08-18 13:17:49 +02:00
Adnan Umer c5075360c5 Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting. 2019-08-05 18:44:08 +02:00
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mykola Nicholas f3a03d5b61 Changed charset and collation link to MySQL docs. 2019-06-11 11:16:27 +02:00
Mariusz Felisiak b6c4766f53
Refs #29548 -- Updated docs for MariaDB support. 2019-05-27 19:59:49 +02:00
Matthias Kestenholz 80482e9249 Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.
This partly reverts commit 4400d8296d.
2019-04-24 10:54:03 +02:00
Ran Benita 19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies. 2019-04-08 11:26:06 +02:00
Mariusz Felisiak 4cbe2b06ce
Fixed typo in docs/ref/settings.txt. 2019-04-02 09:10:11 +02:00
Nick Pope 198a2a9381 Removed unnecessary /static from links to PostgreSQL docs. 2019-03-29 21:49:44 -04:00
Tim Graham 879cc3da62 Moved extlinks in docs config to allow using 'version' variable.
After a stable branch is created, 'master' will change to
'stable/' + version + '.x'.
2019-03-28 20:47:51 -04:00
Tim Graham a68c029e22
Used extlinks for Django's source code. 2019-03-28 20:32:17 -04:00
Nick Pope 07daa487ae Refs #1660 -- Doc'd the LANGUAGES_BIDI setting. 2019-03-28 20:04:24 +01:00
Nick Pope 398afba084 Updated spelling and RFCs in HttpOnly cookie flag docs. 2019-03-27 10:09:23 -04:00
Himanshu Lakhara 22aab8662f Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644. 2019-02-08 14:53:15 -05:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Tim Graham b709d70130 Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs. 2019-02-05 19:45:29 -05:00
Carlton Gibson bae66e759f Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. 2019-01-30 11:02:26 -05:00
Tim Graham 8045dff98c Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. 2019-01-17 10:50:25 -05:00
Tim Graham ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00
Tim Graham 4c7c608a1d Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
This reverts commits b3b1d3d45f and
9fa0d3786f due to reverse build failures
for which a solution isn't forthcoming.
2018-12-05 15:30:23 -05:00
Mariusz Felisiak ff8020ed49 Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces. 2018-11-13 18:22:41 -05:00
romgar b3b1d3d45f Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
Mayank Singhal 76b3367035 Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs. 2018-10-25 11:39:52 -04:00
Jon Dufresne 0cd465b63a Fixed #29817 -- Deprecated settings.FILE_CHARSET. 2018-10-15 17:15:41 -04:00
Kate Berry b8b1d8cad6 Improved tone in docs/ref/settings.txt. 2018-10-04 11:35:19 -04:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Jon Dufresne 8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00