Luke Plant
840ffd80ba
Noted that SECURE_PROXY_SSL_HEADER is needed by CSRF protection.
...
Both false positives and false negatives of HttpRequest.is_secure can be
dangerous.
2012-06-04 21:41:05 +01:00
Ramiro Morales
e9a56606e7
Fixed broken URLs introduced in 1adc87cd32
.
2012-05-03 12:42:56 -03:00
Ramiro Morales
1adc87cd32
Updated some URLs in the documentation to point to the new repository.
2012-05-03 11:53:17 -03:00
Claude Paroz
eefb00f301
Fixed #18220 -- Removed the CACHE_BACKEND setting, as per official deprecation timeline.
...
Thanks Ramiro Morales for the review.
2012-04-29 20:47:36 +02:00
Claude Paroz
cb2fafe574
Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-01 17:13:55 +00:00
Aymeric Augustin
9ed6e08ff9
Removed deprecated URLField.verify_exists.
...
The deprecation schedule was slightly accelerated because of possible security ramifications.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17847 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 13:55:03 +00:00
Aymeric Augustin
00ec03fd44
Fixed #17733 -- Discouraged setting TIME_ZONE to None when USE_TZ is True. Thanks berdario for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-26 14:17:13 +00:00
Claude Paroz
78638a9a51
Replaced http by https in djangoproject.com links
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17703 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13 17:53:31 +00:00
Adrian Holovaty
2ade1e916f
Edited stuff from [17543] to [17629]
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 17:16:52 +00:00
Jannis Leidel
d93a2ef887
Fixed #17568 -- Mentioned ``reverse_lazy`` in the ``LOGIN_REDIRECT_URL`` settings docs. Thanks, zsiciarz.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17626 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 16:56:04 +00:00
Timo Graham
d2988ce0f4
Fixed #17767 - Added signed cookie session backed to session engine settings docs; thanks Preston Holmes.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01 01:06:22 +00:00
Aymeric Augustin
6daad896fb
Reverted r17577 because it's actually possible to use a time zone that isn't the system time zone without pytz, thanks to the TZ environment variable.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 21:42:50 +00:00
Aymeric Augustin
8842183448
Noted that TIME_ZONE must be the server time zone when time zone support is enabled and pytz isn't installed.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 21:13:36 +00:00
Timo Graham
7d7d2d354c
Fixed #16758 - Added a warning regarding overriding default settings; thanks cyclops for the suggestion & Aymeric Augustin for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20 19:08:22 +00:00
Aymeric Augustin
1d78897c5d
Fixed #17166 -- Documented how FIXTURE_DIRS works in the inital data how-to, and edited related bits in the settings reference.
...
Performed minor edits for consistency while I was there.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19 09:02:52 +00:00
Aymeric Augustin
7a7ec73efe
Fixed #16452 -- Clarified that the DATE/DATETIME/TIME_INPUT_FORMATS settings have no effect when USE_L10N is True. Thanks Travis Brooks.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19 08:00:06 +00:00
Adrian Holovaty
7981efe04f
Documentation (and some small source code) edits from [17432] - [17537]
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-17 20:04:11 +00:00
Jannis Leidel
ec5e2f0ccc
Fixed #17460 -- Extended the HIDDEN_SETTINGS constant in with a few more sensible names of settings to hide in the debug view. Many thanks to chomik, lpiatek and tomaszrybak.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17481 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:45 +00:00
Adrian Holovaty
d4f11eb776
Fixed incorrect 'setting::' prefix in settings.txt
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 21:13:08 +00:00
Adrian Holovaty
61f0aff811
Fixed #14597 -- Added a SECURE_PROXY_SSL_HEADER setting for cases when you're behind a proxy that 'swallows' the fact that a request is HTTPS
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-16 22:06:06 +00:00
Jannis Leidel
6f66b55108
Fixed #17255 -- Removed "as" prefix from new timezone template filter names for the sake of clarity. Cheers to Aymeric Augustin for bearing with me.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17107 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 15:00:08 +00:00
Aymeric Augustin
9b1cb755a2
Added support for time zones. Thanks Luke Plant for the review. Fixed #2626 .
...
For more information on this project, see this thread:
http://groups.google.com/group/django-developers/browse_thread/thread/cf0423bbb85b1bbf
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17106 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 13:01:06 +00:00
Luke Plant
3b7a4c6adc
Fixed #17117 - ADMIN_MEDIA_PREFIX should still be visible in docs
...
Thanks to claudep for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17063 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-01 21:37:12 +00:00
Aymeric Augustin
67e6e0fcf3
Fixed #17087 -- Re-organized the i18n docs to reduce confusion between USE_I18N/USE_L10N and the concepts of internationalization/localisation. Re
...
moved some duplicate content.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17026 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 17:17:57 +00:00
Carl Meyer
145a77edc9
Fixed #16360 -- Added WSGI entrypoint to startproject layout, and enabled internal servers (runserver and runfcgi) to use an externally-defined WSGI application. Thanks to Armin Ronacher, Jannis Leidel, Alex Gaynor, ptone, and Jacob Kaplan-Moss.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 04:30:10 +00:00
Aymeric Augustin
246580573d
Fixed #12308 -- Added tablespace support to the PostgreSQL backend.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 21:49:43 +00:00
Luke Plant
d1e5c55258
Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Aymeric Augustin
846fc7260a
Fixed typo in r16935. Refs #17012 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16936 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-07 15:33:55 +00:00
Aymeric Augustin
510ea906f7
Fixed #17012 - Removed references to the 'hasNoProfanities' validator. Refs #8794 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16935 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-07 08:35:20 +00:00
Julien Phalip
fc06ec0daf
Fixed #16876 -- Fixed a cross reference in the settings reference doc. Thanks to Gumnos for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16855 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-19 07:33:32 +00:00
Julien Phalip
357910c1c6
Rectified the settings reference documentation to indicate that `USE_L10N` (and not `USE_I18N`) controls the activation of locale-dictated formats.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16850 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-18 07:50:50 +00:00
Carl Meyer
00678334aa
Fixed #16863 -- Corrected ReST markup to avoid errors building docs.
...
Although directives such as "note" and "warning" will accept content
immediately following the directive, this is technically where arguments to the
directive should go (see http://sphinx.pocoo.org/rest.html#directives ). Putting
the content there means that any lines beginning with an inline text role
(e.g. ":setting:`DEBUG`") will be mis-interpreted as an option block for the
directive. To avoid this error, there should always be a blank line between the
directive start and the directive content.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16842 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 18:06:42 +00:00
Carl Meyer
d1d6109229
Added release note and updated TEMPLATE_DEBUG documentation for r16833. Thanks jezdez for the reminder.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16841 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 17:07:19 +00:00
Russell Keith-Magee
5f287f75f2
Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:47:00 +00:00
Russell Keith-Magee
893cea211a
Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Alex Gaynor
d036b87126
Remove no-longer-valid references to the DATABASE_* settings, the legacy code for them was already removed.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 17:14:47 +00:00
Jannis Leidel
6819312c98
Fixed #15918 -- Refined documentation of the various localization settings, especially with regard to the thousand separator. Thanks, Aymeric Augustin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-08 13:25:17 +00:00
Ramiro Morales
932b1b8d6d
Converted links to external topics so they use intersphinx extension markup.
...
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.
Fixes #16586 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Julien Phalip
5c1b4ab75b
Fixed #16729 -- Fixed a small typo in the settings reference doc. Thanks to simon.cruanes.2007@m4x.org for the report and to Aymeric Augustin for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-02 03:47:49 +00:00
Malcolm Tredinnick
f77666a4af
Documented some Oracle-specific test settings.
...
Patch from aaugustin that should help people with specific testing
requirements for Oracle set things up in their preferred way. The
settings have always existed, but now they are documented.
Fixes #16478 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-22 06:35:52 +00:00
Jannis Leidel
566b3295fa
Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Chris Beaven
956da729d1
Add a note to USE_L10N settings documentation that startproject sets USE_L10N = True
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-12 00:08:37 +00:00
Jannis Leidel
38a2444277
Fixed #16050 -- BACKWARDS-INCOMPATIBLE CHANGE: Moved static files of the admin to conventional file system location.
...
This also removes the need for ADMIN_MEDIA_PREFIX and replaces it with the convention to find admin's static files at STATIC_URL + 'admin/'.
Thanks to Jacob for the review and general help.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-30 09:06:19 +00:00
Luke Plant
45e55b9143
Fixed #14614 - filtering of sensitive information in 500 error reports.
...
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.
Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant
524c5fa07a
Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
...
Many thanks to rniemeyer for the patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel
49f57a5d28
Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel
f60d428463
Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Luke Plant
8cbcf1d3a6
Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
...
Thanks to cfattarsi for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
bf7af2be15
Added clarifying note to docs for CSRF_COOKIE_DOMAIN
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
171df93170
Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
...
Thanks to aaugustin for implementing this.
(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954 ).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00