0468159763
Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.
2019-08-18 13:17:49 +02:00
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
f3a03d5b61
Changed charset and collation link to MySQL docs.
2019-06-11 11:16:27 +02:00
b6c4766f53
Refs #29548 -- Updated docs for MariaDB support.
2019-05-27 19:59:49 +02:00
80482e9249
Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.
...
This partly reverts commit 4400d8296d
2019-04-24 10:54:03 +02:00
19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies.
2019-04-08 11:26:06 +02:00
4cbe2b06ce
Fixed typo in docs/ref/settings.txt.
2019-04-02 09:10:11 +02:00
198a2a9381
Removed unnecessary /static from links to PostgreSQL docs.
2019-03-29 21:49:44 -04:00
879cc3da62
Moved extlinks in docs config to allow using 'version' variable.
...
After a stable branch is created, 'master' will change to
'stable/' + version + '.x'.
2019-03-28 20:47:51 -04:00
a68c029e22
Used extlinks for Django's source code.
2019-03-28 20:32:17 -04:00
07daa487ae
Refs #1660 -- Doc'd the LANGUAGES_BIDI setting.
2019-03-28 20:04:24 +01:00
398afba084
Updated spelling and RFCs in HttpOnly cookie flag docs.
2019-03-27 10:09:23 -04:00
22aab8662f
Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644.
2019-02-08 14:53:15 -05:00
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
b709d70130
Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs.
2019-02-05 19:45:29 -05:00
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
ec7e179aeb
Removed versionadded/changed annotations for 2.1.
2019-01-17 10:50:25 -05:00
4c7c608a1d
Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
...
This reverts commits b3b1d3d45f9fa0d3786f
2018-12-05 15:30:23 -05:00
ff8020ed49
Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces.
2018-11-13 18:22:41 -05:00
b3b1d3d45f
Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
...
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
76b3367035
Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs.
2018-10-25 11:39:52 -04:00
0cd465b63a
Fixed #29817 -- Deprecated settings.FILE_CHARSET.
2018-10-15 17:15:41 -04:00
b8b1d8cad6
Improved tone in docs/ref/settings.txt.
2018-10-04 11:35:19 -04:00
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
e8531cc89c
Prevented unexpected link in settings docs
2018-06-10 15:11:39 +02:00
5cc81cd9eb
Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
...
This reverts commit b3cffde555
2018-05-26 21:06:58 -04:00
7543ab1f8d
Removed versionadded/changed annotations for 2.0.
2018-05-17 11:00:10 -04:00
b3cffde555
Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set.
2018-04-17 13:02:05 -04:00
9a56b4b13e
Fixed #27863 -- Added support for the SameSite cookie flag.
...
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
95fd5cf459
Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs.
2018-01-24 13:38:15 -05:00
a5f1e5809f
Clarified who the AdminEmailHandler emails.
2017-11-21 11:49:15 -05:00
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
afd375fc34
Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples.
2017-11-01 10:57:59 -04:00
0edff2107f
Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS.
2017-10-12 14:58:18 -04:00
44f08422c8
Fixed #28625 -- Distinguished DATABASES['TIME_ZONE'] from settings.TIME_ZONE.
2017-09-28 09:42:08 -04:00
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
c7d58c6f43
Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD.
2017-07-25 15:12:50 -04:00
e58c87cb70
Fixed #28336 -- Fixed typo in docs/ref/settings.txt.
2017-06-27 21:41:10 -04:00
516b7664dc
Fixed #28260 -- Allowed customizing the test tablespace initial and autoextend size on Oracle.
...
Thanks Tim Graham for the review.
2017-06-02 18:35:56 +02:00
88336fdbb5
Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
...
When a connection pooler is set up in transaction pooling mode, queries
relying on server-side cursors fail. The DISABLE_SERVER_SIDE_CURSORS
setting in DATABASES disables server-side cursors for this use case.
2017-05-06 06:59:04 -04:00
a3af8c99d9
Removed extra characters in docs header underlines.
2017-03-20 18:30:32 -04:00
c577d8a498
Described DEBUG_PROPAGATE_EXCEPTIONS behavior in more detail.
2017-03-09 12:18:17 -05:00
80493b0871
Fixed #27829 -- Deprecated settings.DEFAULT_CONTENT_TYPE.
2017-02-16 07:59:44 -05:00
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
d334f46b7a
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
2017-01-17 20:52:04 -05:00
9e734875fe
Fixed #24994 -- Documented the expected type of settings.SECRET_KEY.
2016-12-28 07:36:37 -05:00
b52c73008a
Fixed #15667 -- Added template-based widget rendering.
...
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
c27104a9c7
Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.
2016-12-19 17:56:58 -05:00
ddf169cdac
Refs #16859 -- Allowed storing CSRF tokens in sessions.
...
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
501c993010
Fixed typo in docs/ref/settings.txt.
2016-11-11 07:01:48 -05:00
7fe2d8d940
Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
...
This is a security fix.
2016-11-01 09:30:57 -04:00
da7910d483
Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle.
...
This is a security fix.
2016-11-01 09:30:57 -04:00
de91c172cf
Fixed #27410 -- Clarified when static files is enabled in STATIC_ROOT docs.
2016-10-31 15:17:40 -04:00
414ad25b09
Fixed #27327 -- Simplified time zone handling by requiring pytz.
2016-10-27 08:53:20 -04:00
51fbe2a60d
Updated postgresql.org links to https and made them canonical.
2016-10-25 11:43:32 -04:00
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
9819676676
Updated links to the current version of MySQL docs.
2016-09-30 09:14:17 -04:00
43c471e81c
Fixed typo in docs/ref/settings.txt.
2016-09-15 19:52:49 -04:00
ef021412d5
Normalized spelling of ETag.
2016-09-09 11:00:21 -04:00
1d54fb4483
Made settings docs link to cache parameters more specific.
2016-08-31 12:31:30 -04:00
a3db480393
Fixed #27061 -- Added a TEST['TEMPLATE'] setting for PostgreSQL.
2016-08-23 15:08:20 -04:00
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
...
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
255fb99284
Fixed #17209 -- Added password reset/change class-based views
...
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
944e66cb1d
Reverted "Fixed #25388 -- Added an option to allow disabling of migrations during test database creation"
...
This reverts commit 157d7f1f1d
2016-07-14 09:21:28 -04:00
78963495d0
Refs #17209 -- Added LoginView and LogoutView class-based views
...
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
b5a1c3a6f5
Fixed #25920 -- Added support for non-uniform NUMBER_GROUPING.
2016-06-22 17:28:49 -04:00
17e661641d
Refs #26666 -- Added ALLOWED_HOSTS validation when running tests.
...
Also used ALLOWED_HOSTS to check for external hosts in assertRedirects().
2016-06-20 11:07:46 -04:00
c3495bb984
Fixed #12666 -- Added EMAIL_USE_LOCALTIME setting.
...
When EMAIL_USE_LOCALTIME=True, send emails with a Date header
in the local time zone.
2016-06-04 09:55:50 -04:00
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
ece4d24f8e
Refs #26601 -- Deprecated old-style middleware.
2016-05-17 07:22:26 -04:00
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
929684d6ee
Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
...
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
f5ff5010cd
Fixed #26483 -- Updated docs.python.org links to use Intersphinx.
2016-05-08 18:07:43 -04:00
5cda4677b3
Fixed #26037 -- Documented precedence of USE_X_FORWARDED_HOST/PORT settings.
2016-04-07 10:09:56 -04:00
f8b31dfdfc
Fixed #26419 -- Added a link in ALLOWED_HOSTS docs.
2016-04-04 11:08:12 -04:00
12dee89d9c
Removed some docs that should have been removed along with PROFANITIES_LIST.
2016-03-31 13:21:32 -04:00
157d7f1f1d
Fixed #25388 -- Added an option to allow disabling of migrations during test database creation
2016-03-23 08:21:30 +08:00
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
2404d209a5
Fixed #26309 -- Documented that login URL settings no longer support dotted paths.
2016-03-03 07:34:14 -05:00
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
67907ed845
Made identation of default setting docs more consistenct.
2016-02-02 11:40:28 -05:00
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
2436b83dfd
Made formatting of docs for settings defaults more consistent.
2016-01-29 15:03:40 -05:00
e519aab43a
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
...
Also documented missing short command line options to fix #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
c8d970a548
Refs #25755 -- Unified a couple more spellings of 'website'.
2016-01-11 06:13:16 -05:00
7f218d9891
Fixed #25928 -- Clarified precendence of USE_THOUSAND_SEPARATOR and locale formats.
2016-01-07 14:32:18 -05:00
62e83c71d2
Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW.
2016-01-06 07:05:05 -05:00
59f861fcb4
Fixed #25918 -- Removed unused LOGOUT_URL setting.
...
Thanks hop for the report and patch.
2015-12-11 12:43:02 -05:00
7aabd62380
Fixed #25778 -- Updated docs links to use https when available.
2015-12-01 08:01:34 -05:00
16945f0e9c
Fixed #25695 -- Added template_name parameter to csrf_failure() view.
2015-11-17 14:28:18 -05:00
5abed864ee
Fixed #25710 -- Clarified the docs about what INTERNAL_IPS does.
2015-11-17 10:16:29 -05:00
abf5ccc29c
Fixed #25489 -- Documented that SESSION_SAVE_EVERY_REQUEST doesn't create empty sessions.
2015-10-29 17:28:37 -04:00
Claude Paroz
Adnan Umer
Carlton Gibson
Mykola Nicholas
Mariusz Felisiak
Matthias Kestenholz
Ran Benita
Nick Pope
Tim Graham
Himanshu Lakhara
Aymeric Augustin
romgar
Mayank Singhal
Jon Dufresne
Kate Berry
Alex Gaynor
Ashaba
Frédéric Massart
Дилян Палаузов
Jon Ribbens
Laura
François Freitag
Preston Timmons
Raphael Michel
Ian Lee
Marti Raudsepp
Denis Cornehl
Ed Morley
Chris Jerdonek
jasisz
Tobias McNulty
Anton I. Sipos
Florian Apolloner
Andre Cruz
Arnaud Limbourg
Joshua Pereyda
Berker Peksag
Bas Westerbaan
Alasdair Nicol
Hugo Osvaldo Barrera
rowanv
pp
wingston sharon
Alex Morozov