1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00

Added info to release notes about CSRF improvements

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-05-31 21:29:35 +00:00
parent 1cfb00dc41
commit 1a951fa8d4

View File

@ -78,6 +78,16 @@ A new helper function,
``template.Library`` to ease the creation of template tags that store some
data in a specified context variable.
CSRF improvements
~~~~~~~~~~~~~~~~~
We've made various improvements to our CSRF features, including the
:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can
help with AJAX heavy sites, protection for PUT and DELETE, and settings
:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve
the security and usefulness of the CSRF protection. See the :doc:`CSRF docs
</ref/contrib/csrf>` for more information.
.. _backwards-incompatible-changes-1.4:
Backwards incompatible changes in 1.4