Commit Graph

423 Commits

Author SHA1 Message Date
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mykola Nicholas f3a03d5b61 Changed charset and collation link to MySQL docs. 2019-06-11 11:16:27 +02:00
Mariusz Felisiak b6c4766f53
Refs #29548 -- Updated docs for MariaDB support. 2019-05-27 19:59:49 +02:00
Matthias Kestenholz 80482e9249 Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.
This partly reverts commit 4400d8296d.
2019-04-24 10:54:03 +02:00
Ran Benita 19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies. 2019-04-08 11:26:06 +02:00
Mariusz Felisiak 4cbe2b06ce
Fixed typo in docs/ref/settings.txt. 2019-04-02 09:10:11 +02:00
Nick Pope 198a2a9381 Removed unnecessary /static from links to PostgreSQL docs. 2019-03-29 21:49:44 -04:00
Tim Graham 879cc3da62 Moved extlinks in docs config to allow using 'version' variable.
After a stable branch is created, 'master' will change to
'stable/' + version + '.x'.
2019-03-28 20:47:51 -04:00
Tim Graham a68c029e22
Used extlinks for Django's source code. 2019-03-28 20:32:17 -04:00
Nick Pope 07daa487ae Refs #1660 -- Doc'd the LANGUAGES_BIDI setting. 2019-03-28 20:04:24 +01:00
Nick Pope 398afba084 Updated spelling and RFCs in HttpOnly cookie flag docs. 2019-03-27 10:09:23 -04:00
Himanshu Lakhara 22aab8662f Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644. 2019-02-08 14:53:15 -05:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Tim Graham b709d70130 Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs. 2019-02-05 19:45:29 -05:00
Carlton Gibson bae66e759f Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. 2019-01-30 11:02:26 -05:00
Tim Graham 8045dff98c Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. 2019-01-17 10:50:25 -05:00
Tim Graham ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00
Tim Graham 4c7c608a1d Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
This reverts commits b3b1d3d45f and
9fa0d3786f due to reverse build failures
for which a solution isn't forthcoming.
2018-12-05 15:30:23 -05:00
Mariusz Felisiak ff8020ed49 Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces. 2018-11-13 18:22:41 -05:00
romgar b3b1d3d45f Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
Mayank Singhal 76b3367035 Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs. 2018-10-25 11:39:52 -04:00
Jon Dufresne 0cd465b63a Fixed #29817 -- Deprecated settings.FILE_CHARSET. 2018-10-15 17:15:41 -04:00
Kate Berry b8b1d8cad6 Improved tone in docs/ref/settings.txt. 2018-10-04 11:35:19 -04:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Jon Dufresne 8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00
Claude Paroz e8531cc89c Prevented unexpected link in settings docs 2018-06-10 15:11:39 +02:00
Tim Graham 5cc81cd9eb Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
This reverts commit b3cffde555 due to
a regression and performance concerns.
2018-05-26 21:06:58 -04:00
Tim Graham 7543ab1f8d Removed versionadded/changed annotations for 2.0. 2018-05-17 11:00:10 -04:00
Jon Dufresne b3cffde555 Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set. 2018-04-17 13:02:05 -04:00
Alex Gaynor 9a56b4b13e Fixed #27863 -- Added support for the SameSite cookie flag.
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Ashaba 95fd5cf459 Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs. 2018-01-24 13:38:15 -05:00
Frédéric Massart a5f1e5809f Clarified who the AdminEmailHandler emails. 2017-11-21 11:49:15 -05:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tim Graham afd375fc34
Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples. 2017-11-01 10:57:59 -04:00
Tim Graham 0edff2107f Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS. 2017-10-12 14:58:18 -04:00
Jon Ribbens 44f08422c8 Fixed #28625 -- Distinguished DATABASES['TIME_ZONE'] from settings.TIME_ZONE. 2017-09-28 09:42:08 -04:00
Tim Graham 5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham 48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Tim Graham c7d58c6f43 Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD. 2017-07-25 15:12:50 -04:00
Laura e58c87cb70 Fixed #28336 -- Fixed typo in docs/ref/settings.txt. 2017-06-27 21:41:10 -04:00
Mariusz Felisiak 516b7664dc Fixed #28260 -- Allowed customizing the test tablespace initial and autoextend size on Oracle.
Thanks Tim Graham for the review.
2017-06-02 18:35:56 +02:00
François Freitag 88336fdbb5 Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
When a connection pooler is set up in transaction pooling mode, queries
relying on server-side cursors fail. The DISABLE_SERVER_SIDE_CURSORS
setting in DATABASES disables server-side cursors for this use case.
2017-05-06 06:59:04 -04:00
Mariusz Felisiak a3af8c99d9 Removed extra characters in docs header underlines. 2017-03-20 18:30:32 -04:00
Tim Graham c577d8a498 Described DEBUG_PROPAGATE_EXCEPTIONS behavior in more detail. 2017-03-09 12:18:17 -05:00
Tim Graham 80493b0871 Fixed #27829 -- Deprecated settings.DEFAULT_CONTENT_TYPE. 2017-02-16 07:59:44 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Tim Graham d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Tim Graham 9e734875fe Fixed #24994 -- Documented the expected type of settings.SECRET_KEY. 2016-12-28 07:36:37 -05:00