b33bfc3839
Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
...
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
adb9661789
Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True.
2019-12-05 09:44:45 +01:00
c06492dd87
Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL.
2019-12-04 18:22:08 +01:00
ff1b19da67
Fixed #31029 -- Used more specific links to RFCs.
2019-11-27 20:54:38 +01:00
a69c4d626a
Refs #25388 -- Corrected value of TEST MIGRATE setting in MIGRATION_MODULES docs.
2019-11-25 08:42:35 +01:00
f5ebdfce5c
Fixed #25388 -- Added an option to allow disabling of migrations during test database creation.
2019-11-20 20:42:38 +01:00
fbbff7f808
Refs #29983 -- Added pathlib.Path support to the file email backend.
2019-11-06 09:33:07 +01:00
c8debd5061
Added a link to the file email backend from EMAIL_FILE_PATH setting.
2019-11-06 08:24:49 +01:00
d232fd76a8
Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.
2019-10-11 15:30:33 +02:00
c574bec092
Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
...
Thanks Florian Apolloner for reviews.
Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
28e769dfe6
Fixed typo in docs/ref/settings.txt.
2019-09-23 08:17:58 +02:00
45304e444e
Refs #28622 -- Clarified security implications of PASSWORD_RESET_TIMEOUT.
2019-09-20 13:53:01 +02:00
226ebb1729
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-20 13:52:04 +02:00
4056558a1c
Fixed typos in docs/ref/settings.txt.
2019-09-13 20:36:35 +02:00
3d716467a9
Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline.
2019-09-10 12:01:00 +02:00
416c584cab
Removed versionadded/changed annotations for 2.2.
2019-09-10 12:01:00 +02:00
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
05d0eca635
Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.
2019-09-09 08:15:26 +02:00
4a954cfd11
Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
...
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:
- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous
Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
0468159763
Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.
2019-08-18 13:17:49 +02:00
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
f3a03d5b61
Changed charset and collation link to MySQL docs.
2019-06-11 11:16:27 +02:00
b6c4766f53
Refs #29548 -- Updated docs for MariaDB support.
2019-05-27 19:59:49 +02:00
80482e9249
Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.
...
This partly reverts commit 4400d8296d
2019-04-24 10:54:03 +02:00
19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies.
2019-04-08 11:26:06 +02:00
4cbe2b06ce
Fixed typo in docs/ref/settings.txt.
2019-04-02 09:10:11 +02:00
198a2a9381
Removed unnecessary /static from links to PostgreSQL docs.
2019-03-29 21:49:44 -04:00
879cc3da62
Moved extlinks in docs config to allow using 'version' variable.
...
After a stable branch is created, 'master' will change to
'stable/' + version + '.x'.
2019-03-28 20:47:51 -04:00
a68c029e22
Used extlinks for Django's source code.
2019-03-28 20:32:17 -04:00
07daa487ae
Refs #1660 -- Doc'd the LANGUAGES_BIDI setting.
2019-03-28 20:04:24 +01:00
398afba084
Updated spelling and RFCs in HttpOnly cookie flag docs.
2019-03-27 10:09:23 -04:00
22aab8662f
Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644.
2019-02-08 14:53:15 -05:00
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
b709d70130
Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs.
2019-02-05 19:45:29 -05:00
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
ec7e179aeb
Removed versionadded/changed annotations for 2.1.
2019-01-17 10:50:25 -05:00
4c7c608a1d
Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
...
This reverts commits b3b1d3d45f9fa0d3786f
2018-12-05 15:30:23 -05:00
ff8020ed49
Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces.
2018-11-13 18:22:41 -05:00
b3b1d3d45f
Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
...
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
76b3367035
Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs.
2018-10-25 11:39:52 -04:00
0cd465b63a
Fixed #29817 -- Deprecated settings.FILE_CHARSET.
2018-10-15 17:15:41 -04:00
b8b1d8cad6
Improved tone in docs/ref/settings.txt.
2018-10-04 11:35:19 -04:00
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
e8531cc89c
Prevented unexpected link in settings docs
2018-06-10 15:11:39 +02:00
5cc81cd9eb
Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
...
This reverts commit b3cffde555
2018-05-26 21:06:58 -04:00
7543ab1f8d
Removed versionadded/changed annotations for 2.0.
2018-05-17 11:00:10 -04:00
b3cffde555
Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set.
2018-04-17 13:02:05 -04:00
Osaetin Daniel
Gordon Pendleton
Aymeric Augustin
Baptiste Mispelon
Jon Dufresne
René Fleschenberg
Oleg Kainov
Mariusz Felisiak
Luke Plant
Hasan Ramezani
Ben Falk
Nick Pope
Claude Paroz
Tobias Kunze
Adnan Umer
Carlton Gibson
Mykola Nicholas
Matthias Kestenholz
Ran Benita
Tim Graham
Himanshu Lakhara
romgar
Mayank Singhal
Kate Berry