Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
...
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Avaneesh Kumar
705b1702bd
Fixed #34742 -- Made CommonMiddleware raise APPEND_SLASH RuntimeError on DELETE requests.
2023-12-08 05:56:36 +01:00
David Smith
097e3a70c1
Refs #33476 -- Applied Black's 2023 stable style.
...
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
David Wobrock
99bd5fb4c2
Refs #34074 -- Used headers argument for RequestFactory and Client in docs and tests.
2023-01-04 09:11:36 +01:00
Carlton Gibson
0bd2c0c901
Fixed #33735 -- Added async support to StreamingHttpResponse.
...
Thanks to Florian Vazelle for initial exploratory work, and to Nick
Pope and Mariusz Felisiak for review.
2022-12-22 10:41:12 +01:00
Andreas Pelme
ab7a85ac29
Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware.
2022-12-17 08:46:37 +01:00
Nick Pope
9bd174b9a7
Updated documentation and comments for RFC updates.
...
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Nick Pope
2bc47d7fe9
Avoided assignment followed by immediate return.
...
Identified using the following command:
$ pcre2grep --line-number --multiline --recursive \
"(?s)(\n +)(\w+) = [^\n]+\1return \2;?$" \
django docs extras js_tests scripts tests
2022-10-31 12:31:13 +01:00
Anders Kaseorg
fbac2a4dd8
Fixed #33700 -- Skipped extra resolution for successful requests not ending with /.
...
By moving a should_redirect_with_slash call out of an if block, commit
9390da7fb6
negated the performance fix
of commit 434d309ef6
(#24720 ).
Meanwhile, the logging issue #26293 that it targeted was subsequently
fixed more fully by commit 40b69607c7
(#26504 ), so it is no longer needed. This effectively reverts it.
This speeds up successful requests not ending with / when APPEND_SLASH
is enabled (the default, and still useful in projects with a mix of
URLs with and without trailing /). The amount of speedup varies from
about 5% in a typical project to nearly 50% on a benchmark with many
routes.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-02 15:15:04 +02:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
David Smith
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
Tim Graham
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
bankc
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Carlton Gibson
ad11f5b8c9
Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.
2020-10-22 14:15:19 +02:00
Tom Carrick
bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
Claude Paroz
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Viktor Lomakin
ee6b17187f
Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses with non-empty content.
2019-10-10 09:51:05 +02:00
Nick Pope
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz
05d0eca635
Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.
2019-09-09 08:15:26 +02:00
Hasan Ramezani
090ca6512f
Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ADMINS/MANAGERS is set incorrectly.
2019-07-02 07:34:07 +02:00
Nick Pope
413d50b5ff
Corrected settings names in SecurityMiddleware tests.
2019-03-20 20:15:34 -04:00
Jon Dufresne
c492fdfd24
Removed default empty content argument from HttpResponse calls.
2019-02-09 16:27:32 -05:00
Tim Graham
043bd70942
Updated test URL patterns to use path() and re_path().
2018-12-31 10:47:32 -05:00
Simon Charette
0f212db29d
Made reused RequestFactory instances class attributes.
2018-11-27 09:49:02 -05:00
Artur Juraszek
817c6cdf0e
Capitalized SecurityMiddleware headers for consistency with other headers.
...
(No behavior change since HTTP headers are case insensitive.)
2018-10-30 18:30:51 -04:00
Andreas Hug
a656a68127
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
Vytis Banaitis
8838d4dd49
Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments.
2017-02-01 11:41:56 -05:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
Sven Engström
f46a838efc
Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a trailing slash.
2016-11-06 10:38:36 +01:00
Adam Malinowski
37809b891e
Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
2016-11-05 22:24:54 +01:00
Kevin Christopher Henry
2327fad54e
Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests.
2016-10-17 16:11:53 -04:00
Tim Graham
61f9243e51
Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
9108696a75
Refs #19705 -- Changed gzip modification times to 0.
...
This makes gzip output deterministic, which allows
ConditionalGetMiddleware to reliably compare ETags on gzipped
content (views using the gzip_page() decorator in particular).
2016-10-14 07:41:42 -04:00
Kevin Christopher Henry
ad332e5ca9
Refs #19705 -- Made GZipMiddleware make ETags weak.
...
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Kevin Christopher Henry
bd7237d7ec
Fixed #19705 -- Set proper headers on conditional Not Modified responses.
2016-10-12 14:43:25 -04:00
Denis Cornehl
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
Kevin Christopher Henry
4ef0e019b7
Fixed #27083 -- Added support for weak ETags.
2016-09-10 08:14:52 -04:00
Ed Morley
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
...
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
Tim Graham
0850236a8c
Fixed a typo in tests/middleware/test_security.py
2016-07-28 22:00:48 -04:00
andrewnester
20d39325ca
Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response has Cache-Control: no-store.
2016-07-15 15:34:00 -04:00