Vaclav Ehrlich
369fa471f4
Fixed #26201 -- Documented the consequences of rotating the CSRF token on login.
2016-04-05 11:02:38 -04:00
acemaster
a1b1688c7d
Fixed #26165 -- Added some FAQs about CSRF protection.
...
Thanks Florian Apolloner and Shai Berger for review.
2016-03-01 08:45:05 -05:00
userimack
7a7b82e6f4
Fixed #26181 -- Corrected AngularJS CSRF example.
2016-02-09 09:22:23 -05:00
Luke Plant
77974a684a
Changed `action="."` to `action=""` in tests and docs.
...
`action="."` strips query parameters from the URL which is not usually what
you want. Copy-paste coding of these examples could lead to difficult to
track down bugs or even data loss if the query parameter was meant to alter
the scope of a form's POST request.
2016-01-21 13:59:15 -05:00
Danilo Bargen
6a4f13de27
Added docs about configuring CSRF support in AngularJS.
2016-01-15 10:14:52 -05:00
Tim Graham
4d83b0163e
Fixed #25969 -- Replaced render_to_response() with render() in docs examples.
2015-12-23 09:14:32 -05:00
Jon Dufresne
7aabd62380
Fixed #25778 -- Updated docs links to use https when available.
2015-12-01 08:01:34 -05:00
Agnieszka Lasyk
1f8dad6915
Fixed #25755 -- Unified spelling of "website".
2015-11-16 06:44:14 -05:00
Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
...
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Joshua Kehn
ab26b65b2f
Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.
...
Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other
domains that are included during the CSRF Referer header verification
for secure (HTTPS) requests.
2015-09-05 09:19:57 -04:00
Marc
f9de197268
Recommended the JavaScript Cookie library instead of jQuery cookie.
...
jQuery cookie is no longer maintained in favor of the JavaScript
cookie library. This also removes the jQuery dependency.
2015-08-19 10:04:01 -04:00
Dave Hodder
08c980d752
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00
Grzegorz Slusarek
668d53cd12
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
2015-03-05 15:03:40 -05:00
Aymeric Augustin
9eb4f28e89
Deprecated TEMPLATE_CONTEXT_PROCESSORS.
2014-12-28 17:02:31 +01:00
Aymeric Augustin
92e8f1f302
Moved context_processors from django.core to django.template.
2014-12-28 17:00:07 +01:00
Fabio Natali
fa680ce1e2
Fixed #23825 -- Added links for decorating class-based views to the CSRF docs.
2014-11-15 19:33:39 +01:00
Thomas Chaumeny
d3db878e4b
Moved CSRF docs out of contrib.
2014-11-03 07:47:39 -05:00