Commit Graph

475 Commits

Author SHA1 Message Date
Tim Graham 2411b8b5eb Fixed #16010 -- Added Origin header checking to CSRF middleware.
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
2021-03-18 20:25:20 +01:00
Tim Graham dba44a7a7a Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. 2021-03-18 20:00:22 +01:00
Simon Charette 3089018e95 Fixed #32446 -- Deprecated SERIALIZE test database setting.
Whether or not the state of a test database should be serialized can be
inferred from the set of databases allowed to be accessed from discovered
TestCase/TransactionTestCase enabling the serialized_rollback feature
which makes this setting unnecessary.

This should make a significant test suite bootstrapping time difference
on large projects that didn't explicitly disable test database
serialization.
2021-02-24 20:31:11 +01:00
Markus Holtermann 50a5f8840f Refs #32394 -- Changed STATIC_URL/MEDIA_URL to relative paths in tests and docs where appropriate. 2021-02-06 13:41:35 +01:00
Mariusz Felisiak 0aa6a602b2 Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak 12ac4916af Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation timeline. 2021-01-14 17:50:04 +01:00
Mariusz Felisiak b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Tim Graham 2e7ba6057c Refs #28741 -- Doc'd SESSION_COOKIE_DOMAIN requirement with CSRF_USE_SESSIONS.
Similar considerations as refs #32065, again adding some nuance to
afd375fc34.
2021-01-04 07:49:30 +01:00
Carlton Gibson 0ed6f3ba4b Corrected formatting in settings docs. 2020-12-15 12:08:45 +01:00
Tom Forbes b5e12d490a Fixed #31007 -- Allowed specifying type of auto-created primary keys.
This also changes the default type of auto-created primary keys
for new apps and projects to BigAutoField.
2020-12-15 11:25:46 +01:00
Mariusz Felisiak 5ce31d6a71 Fixed #32193 -- Deprecated MemcachedCache. 2020-12-09 21:27:32 +01:00
Nikita Sobolev 42f3fafdfa Updated {% static %} tag examples in docs to use single quotes where appropriate. 2020-11-02 10:34:24 +01:00
Carlton Gibson 3d4ffd1ff0 Fixed #32065 -- Restored leading dot to CSRF_COOKIE_DOMAIN examples.
Partially reverts afd375fc34.

Thanks to Tim Graham for review.
2020-10-07 10:03:10 +02:00
Mariusz Felisiak 77caeaea88 Fixed #32012 -- Made test database creation sync apps models when migrations are disabled.
Thanks Jaap Roes for the report.
2020-09-23 10:54:04 +02:00
Nick Pope b4d46df5ca Fixed #29887 -- Added a cache backend for pymemcache. 2020-09-16 09:40:30 +02:00
Hasan Ramezani 70731fc6fe Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers. 2020-08-31 10:57:41 +02:00
Mariusz Felisiak d907371ef9 Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
It's a transitional setting helpful in migrating multiple instances of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
Harpreet Sharma 248d03fbe9 Fixed #31821 -- Removed outdated note in FILE_UPLOAD_PERMISSIONS docs.
Follow up to 22aab8662f
2020-07-23 20:36:52 +02:00
Buk Bukowski f65454801b Fixed #31814 -- Fixed typo in docs/ref/settings.txt. 2020-07-22 22:38:27 +02:00
Adam Johnson 80f92177eb Improved description of USE_THOUSAND_SEPARATOR setting. 2020-07-20 12:54:55 +02:00
Hasan Ramezani a16080810b Fixed #31696 -- Updated OWASP links in docs. 2020-06-15 09:44:08 +02:00
René Fleschenberg f24b59267b Refs #23097 -- Used new octal format in FILE_UPLOAD_PERMISSIONS docs. 2020-05-25 20:43:31 +02:00
Hasan Ramezani 643207efae Fixed #31608 -- Doc'd that form ISO 8601 datetime parsing always retains tzinfo. 2020-05-21 20:45:39 +02:00
Mariusz Felisiak 4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Chris Burchhardt d2b9a9fdbb Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS docs.
Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT
docs and incorrect "minimum" phrase.
2020-05-05 08:19:25 +02:00
Mariusz Felisiak b28be08cac Fixed broken links in docs. 2020-04-28 10:09:45 +02:00
Hasan Ramezani bec4dea844 Fixed #31400 -- Doc'd the expected type of CONN_MAX_AGE database option. 2020-03-27 06:32:42 +01:00
Adam Johnson 72b97a5b1e Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. 2020-02-05 14:39:01 +01:00
Abhijeet a45c8d7ad0 Fixed #31126 -- Doc'd STATICFILES_DIRS namespacing in static files how-to. 2020-01-29 10:34:34 +01:00
Pavel Lysak 13e4abf83e Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. 2020-01-16 15:25:49 +01:00
Claude Paroz 188b003014 Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default input formats. 2020-01-07 11:08:40 +01:00
Osaetin Daniel b33bfc3839 Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
Gordon Pendleton adb9661789 Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True. 2019-12-05 09:44:45 +01:00
Aymeric Augustin c06492dd87 Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL. 2019-12-04 18:22:08 +01:00
Baptiste Mispelon ff1b19da67 Fixed #31029 -- Used more specific links to RFCs. 2019-11-27 20:54:38 +01:00
Jon Dufresne a69c4d626a Refs #25388 -- Corrected value of TEST MIGRATE setting in MIGRATION_MODULES docs. 2019-11-25 08:42:35 +01:00
Jon Dufresne f5ebdfce5c Fixed #25388 -- Added an option to allow disabling of migrations during test database creation. 2019-11-20 20:42:38 +01:00
Jon Dufresne fbbff7f808 Refs #29983 -- Added pathlib.Path support to the file email backend. 2019-11-06 09:33:07 +01:00
Jon Dufresne c8debd5061 Added a link to the file email backend from EMAIL_FILE_PATH setting. 2019-11-06 08:24:49 +01:00
René Fleschenberg d232fd76a8 Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes. 2019-10-11 15:30:33 +02:00
Oleg Kainov c574bec092 Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
Thanks Florian Apolloner for reviews.

Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
Mariusz Felisiak 28e769dfe6 Fixed typo in docs/ref/settings.txt. 2019-09-23 08:17:58 +02:00
Luke Plant 45304e444e Refs #28622 -- Clarified security implications of PASSWORD_RESET_TIMEOUT. 2019-09-20 13:53:01 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Ben Falk 4056558a1c Fixed typos in docs/ref/settings.txt. 2019-09-13 20:36:35 +02:00
Mariusz Felisiak 3d716467a9 Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 416c584cab Removed versionadded/changed annotations for 2.2. 2019-09-10 12:01:00 +02:00
Nick Pope 406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz 05d0eca635 Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. 2019-09-09 08:15:26 +02:00
Tobias Kunze 4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00