Carlton Gibson
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mykola Nicholas
f3a03d5b61
Changed charset and collation link to MySQL docs.
2019-06-11 11:16:27 +02:00
Mariusz Felisiak
b6c4766f53
Refs #29548 -- Updated docs for MariaDB support.
2019-05-27 19:59:49 +02:00
Matthias Kestenholz
80482e9249
Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.
...
This partly reverts commit 4400d8296d
.
2019-04-24 10:54:03 +02:00
Ran Benita
19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies.
2019-04-08 11:26:06 +02:00
Mariusz Felisiak
4cbe2b06ce
Fixed typo in docs/ref/settings.txt.
2019-04-02 09:10:11 +02:00
Nick Pope
198a2a9381
Removed unnecessary /static from links to PostgreSQL docs.
2019-03-29 21:49:44 -04:00
Tim Graham
879cc3da62
Moved extlinks in docs config to allow using 'version' variable.
...
After a stable branch is created, 'master' will change to
'stable/' + version + '.x'.
2019-03-28 20:47:51 -04:00
Tim Graham
a68c029e22
Used extlinks for Django's source code.
2019-03-28 20:32:17 -04:00
Nick Pope
07daa487ae
Refs #1660 -- Doc'd the LANGUAGES_BIDI setting.
2019-03-28 20:04:24 +01:00
Nick Pope
398afba084
Updated spelling and RFCs in HttpOnly cookie flag docs.
2019-03-27 10:09:23 -04:00
Himanshu Lakhara
22aab8662f
Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644.
2019-02-08 14:53:15 -05:00
Aymeric Augustin
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
Tim Graham
b709d70130
Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs.
2019-02-05 19:45:29 -05:00
Carlton Gibson
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00
Tim Graham
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
Tim Graham
ec7e179aeb
Removed versionadded/changed annotations for 2.1.
2019-01-17 10:50:25 -05:00
Tim Graham
4c7c608a1d
Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
...
This reverts commits b3b1d3d45f
and
9fa0d3786f
due to reverse build failures
for which a solution isn't forthcoming.
2018-12-05 15:30:23 -05:00
Mariusz Felisiak
ff8020ed49
Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces.
2018-11-13 18:22:41 -05:00
romgar
b3b1d3d45f
Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
...
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
Mayank Singhal
76b3367035
Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs.
2018-10-25 11:39:52 -04:00
Jon Dufresne
0cd465b63a
Fixed #29817 -- Deprecated settings.FILE_CHARSET.
2018-10-15 17:15:41 -04:00
Kate Berry
b8b1d8cad6
Improved tone in docs/ref/settings.txt.
2018-10-04 11:35:19 -04:00
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Jon Dufresne
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
Claude Paroz
e8531cc89c
Prevented unexpected link in settings docs
2018-06-10 15:11:39 +02:00
Tim Graham
5cc81cd9eb
Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
...
This reverts commit b3cffde555
due to
a regression and performance concerns.
2018-05-26 21:06:58 -04:00
Tim Graham
7543ab1f8d
Removed versionadded/changed annotations for 2.0.
2018-05-17 11:00:10 -04:00
Jon Dufresne
b3cffde555
Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set.
2018-04-17 13:02:05 -04:00
Alex Gaynor
9a56b4b13e
Fixed #27863 -- Added support for the SameSite cookie flag.
...
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
Ashaba
95fd5cf459
Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs.
2018-01-24 13:38:15 -05:00
Frédéric Massart
a5f1e5809f
Clarified who the AdminEmailHandler emails.
2017-11-21 11:49:15 -05:00
Дилян Палаузов
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
Tim Graham
afd375fc34
Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples.
2017-11-01 10:57:59 -04:00
Tim Graham
0edff2107f
Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS.
2017-10-12 14:58:18 -04:00
Jon Ribbens
44f08422c8
Fixed #28625 -- Distinguished DATABASES['TIME_ZONE'] from settings.TIME_ZONE.
2017-09-28 09:42:08 -04:00
Tim Graham
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
c7d58c6f43
Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD.
2017-07-25 15:12:50 -04:00
Laura
e58c87cb70
Fixed #28336 -- Fixed typo in docs/ref/settings.txt.
2017-06-27 21:41:10 -04:00
Mariusz Felisiak
516b7664dc
Fixed #28260 -- Allowed customizing the test tablespace initial and autoextend size on Oracle.
...
Thanks Tim Graham for the review.
2017-06-02 18:35:56 +02:00
François Freitag
88336fdbb5
Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
...
When a connection pooler is set up in transaction pooling mode, queries
relying on server-side cursors fail. The DISABLE_SERVER_SIDE_CURSORS
setting in DATABASES disables server-side cursors for this use case.
2017-05-06 06:59:04 -04:00
Mariusz Felisiak
a3af8c99d9
Removed extra characters in docs header underlines.
2017-03-20 18:30:32 -04:00
Tim Graham
c577d8a498
Described DEBUG_PROPAGATE_EXCEPTIONS behavior in more detail.
2017-03-09 12:18:17 -05:00
Tim Graham
80493b0871
Fixed #27829 -- Deprecated settings.DEFAULT_CONTENT_TYPE.
2017-02-16 07:59:44 -05:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
Tim Graham
d334f46b7a
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
2017-01-17 20:52:04 -05:00
Tim Graham
9e734875fe
Fixed #24994 -- Documented the expected type of settings.SECRET_KEY.
2016-12-28 07:36:37 -05:00