From 1a951fa8d474fc9e6114cf63b8ba012233c9afcd Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Tue, 31 May 2011 21:29:35 +0000 Subject: [PATCH] Added info to release notes about CSRF improvements git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/releases/1.4.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt index 8742103a36d..7fdf0d7e1cb 100644 --- a/docs/releases/1.4.txt +++ b/docs/releases/1.4.txt @@ -78,6 +78,16 @@ A new helper function, ``template.Library`` to ease the creation of template tags that store some data in a specified context variable. +CSRF improvements +~~~~~~~~~~~~~~~~~ + +We've made various improvements to our CSRF features, including the +:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can +help with AJAX heavy sites, protection for PUT and DELETE, and settings +:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve +the security and usefulness of the CSRF protection. See the :doc:`CSRF docs +` for more information. + .. _backwards-incompatible-changes-1.4: Backwards incompatible changes in 1.4
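Review bot: The "protection for PUT and DELETE" item in the added CSRF improvements paragraph reads as a behaviour change for existing clients, but it is mentioned only in passing, and the hunk ends just above the "Backwards incompatible changes in 1.4" section. If PUT and DELETE requests without a token are now rejected, say so explicitly and add an entry to that section so AJAX and API callers know they must send the token. In the last added sentence, the :doc: role as shown here carries link text ("CSRF docs") but no target in angle brackets, so check that it resolves to the CSRF documentation page when the docs are built. Minor points: "AJAX heavy" should be hyphenated, and a short clause on what :setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` each control would tell readers which of them is the security improvement and which is the usefulness one.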