Carlton Gibson
0bd2c0c901
Fixed #33735 -- Added async support to StreamingHttpResponse.
...
Thanks to Florian Vazelle for initial exploratory work, and to Nick
Pope and Mariusz Felisiak for review.
2022-12-22 10:41:12 +01:00
Andreas Pelme
ab7a85ac29
Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware.
2022-12-17 08:46:37 +01:00
Nick Pope
9bd174b9a7
Updated documentation and comments for RFC updates.
...
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Nick Pope
2bc47d7fe9
Avoided assignment followed by immediate return.
...
Identified using the following command:
$ pcre2grep --line-number --multiline --recursive \
"(?s)(\n +)(\w+) = [^\n]+\1return \2;?$" \
django docs extras js_tests scripts tests
2022-10-31 12:31:13 +01:00
Anders Kaseorg
fbac2a4dd8
Fixed #33700 -- Skipped extra resolution for successful requests not ending with /.
...
By moving a should_redirect_with_slash call out of an if block, commit
9390da7fb6
negated the performance fix
of commit 434d309ef6
(#24720 ).
Meanwhile, the logging issue #26293 that it targeted was subsequently
fixed more fully by commit 40b69607c7
(#26504 ), so it is no longer needed. This effectively reverts it.
This speeds up successful requests not ending with / when APPEND_SLASH
is enabled (the default, and still useful in projects with a mix of
URLs with and without trailing /). The amount of speedup varies from
about 5% in a typical project to nearly 50% on a benchmark with many
routes.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-02 15:15:04 +02:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
David Smith
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
Tim Graham
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
bankc
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Carlton Gibson
ad11f5b8c9
Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.
2020-10-22 14:15:19 +02:00
Tom Carrick
bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
Claude Paroz
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Viktor Lomakin
ee6b17187f
Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses with non-empty content.
2019-10-10 09:51:05 +02:00
Nick Pope
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz
05d0eca635
Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.
2019-09-09 08:15:26 +02:00
Hasan Ramezani
090ca6512f
Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ADMINS/MANAGERS is set incorrectly.
2019-07-02 07:34:07 +02:00
Nick Pope
413d50b5ff
Corrected settings names in SecurityMiddleware tests.
2019-03-20 20:15:34 -04:00
Jon Dufresne
c492fdfd24
Removed default empty content argument from HttpResponse calls.
2019-02-09 16:27:32 -05:00
Tim Graham
043bd70942
Updated test URL patterns to use path() and re_path().
2018-12-31 10:47:32 -05:00
Simon Charette
0f212db29d
Made reused RequestFactory instances class attributes.
2018-11-27 09:49:02 -05:00
Artur Juraszek
817c6cdf0e
Capitalized SecurityMiddleware headers for consistency with other headers.
...
(No behavior change since HTTP headers are case insensitive.)
2018-10-30 18:30:51 -04:00
Andreas Hug
a656a68127
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
Vytis Banaitis
8838d4dd49
Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments.
2017-02-01 11:41:56 -05:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
Sven Engström
f46a838efc
Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a trailing slash.
2016-11-06 10:38:36 +01:00
Adam Malinowski
37809b891e
Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
2016-11-05 22:24:54 +01:00
Kevin Christopher Henry
2327fad54e
Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests.
2016-10-17 16:11:53 -04:00
Tim Graham
61f9243e51
Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
9108696a75
Refs #19705 -- Changed gzip modification times to 0.
...
This makes gzip output deterministic, which allows
ConditionalGetMiddleware to reliably compare ETags on gzipped
content (views using the gzip_page() decorator in particular).
2016-10-14 07:41:42 -04:00
Kevin Christopher Henry
ad332e5ca9
Refs #19705 -- Made GZipMiddleware make ETags weak.
...
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Kevin Christopher Henry
bd7237d7ec
Fixed #19705 -- Set proper headers on conditional Not Modified responses.
2016-10-12 14:43:25 -04:00
Denis Cornehl
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
Kevin Christopher Henry
4ef0e019b7
Fixed #27083 -- Added support for weak ETags.
2016-09-10 08:14:52 -04:00
Ed Morley
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
...
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
Tim Graham
0850236a8c
Fixed a typo in tests/middleware/test_security.py
2016-07-28 22:00:48 -04:00
andrewnester
20d39325ca
Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response has Cache-Control: no-store.
2016-07-15 15:34:00 -04:00
Claude Paroz
9588718cd4
Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
...
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Jon Dufresne
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
Tim Graham
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
ieatkittens
9390da7fb6
Fixed #26293 -- Fixed CommonMiddleware to process PREPEND_WWW and APPEND_SLASH independently.
2016-03-23 09:23:19 -04:00