Commit Graph

58 Commits

Author SHA1 Message Date
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Russell Keith-Magee d71097111a Fixed #11322 -- Clarified docs regarding middleware processing. Thanks the Michael Malone for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:34:27 +00:00
Jacob Kaplan-Moss c6c25adf6d Fixed a whole bunch of small docs typos, errors, and ommissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Luke Plant cdc8c61bc3 Made default MIDDLEWARE_CLASSES same as in project_template.
And updated docs, and also corrected them about middleware by removing
'XViewMiddleware'



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:20:40 +00:00
Luke Plant 20f7e51493 Reverted 10094 and 10095 (in favour of solution that will hopefully land for beta 2)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:02:46 +00:00
Luke Plant 4e7a4eda3d Updated all refs to default middleware in docs.
(adding CSRF, removing XView which is no longer a default)



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-19 23:28:16 +00:00
Gary Wilson Jr f76cb41251 A few minor wording, whitespace, punctuation, and link changes for the middleware documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9833 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-15 05:46:00 +00:00
Jacob Kaplan-Moss 97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00