Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Joshua Kehn
e687794f6b
Cleaned up docstrings in csrf_tests/tests.py.
2015-09-05 09:20:57 -04:00
Joshua Kehn
ab26b65b2f
Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.
Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other
domains that are included during the CSRF Referer header verification
for secure (HTTPS) requests.
2015-09-05 09:19:57 -04:00
Simon Charette
be67400b47
Refs #24652 -- Used SimpleTestCase where appropriate.
2015-05-20 13:46:13 -04:00
Jay Cox
eef95ea96f
Fixed #24696 -- Made CSRF_COOKIE computation lazy.
Only compute the CSRF_COOKIE when it is actually used. This is a
significant speedup for clients not using cookies.
Changed result of the “test_token_node_no_csrf_cookie” test: It gets
a valid CSRF token now which seems like the correct behavior.
Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to
use get_token() to trigger CSRF cookie inclusion instead of changing
request.META["CSRF_COOKIE_USED"] directly.
2015-05-02 19:45:14 -04:00
Grzegorz Slusarek
668d53cd12
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
2015-03-05 15:03:40 -05:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860.
2015-02-06 08:16:28 -05:00
Claude Paroz
011f21b4fa
Used None-related assertions in CSRF tests
Thanks Markus Holtermann for spotting this.
2015-01-06 08:48:01 +01:00
Claude Paroz
27dd7e7271
Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
2015-01-06 08:42:58 +01:00
Aymeric Augustin
92e8f1f302
Moved context_processors from django.core to django.template.
2014-12-28 17:00:07 +01:00
Berker Peksag
f7969b0920
Fixed #23620 -- Used more specific assertions in the Django test suite.
2014-11-03 11:56:37 -05:00
Tim Graham
815e7a5721
Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data.
Thanks Walter Doekes.
2014-06-25 07:08:16 -04:00
Roger Hu
9b729ddd8f
Fixed #22185 -- Added settings.CSRF_COOKIE_AGE
Thanks Paul McMillan for the review.
2014-03-06 08:28:43 -05:00
Aymeric Augustin
e32095616c
Imported override_settings from its new location.
2013-12-23 21:37:56 +01:00
Jason Myers
7a61c68c50
PEP8 cleanup
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:50:49 -05:00
Alex Gaynor
9d740eb8b1
Fix all violators of E231
2013-10-26 12:15:03 -07:00
Alex Gaynor
9d11522599
Removed some more unused local vars
2013-09-08 12:20:01 -07:00
Olivier Sels
63a9555d57
Fixed #19436 -- Don't log warnings in ensure_csrf_cookie.
2013-05-18 16:17:46 +02:00
Florian Apolloner
051cb1f4c6
Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.
Thanks to edevil for the report and saz for the patch.
2013-05-18 12:32:47 +02:00
Florian Apolloner
89f40e3624
Merged regressiontests and modeltests into the test root.
2013-02-26 14:36:57 +01:00