Raphael Michel 
							
						 
					 
					
						
						
							
						
						ddf169cdac 
					 
					
						
						
							
							Refs  #16859  -- Allowed storing CSRF tokens in sessions.  
						
						... 
						
						
						
						Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review. 
						
						
					 
					
						2016-11-30 08:57:27 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						7301770254 
					 
					
						
						
							
							Fixed typo in docs/ref/middleware.txt.  
						
						
						
						
					 
					
						2016-11-06 13:22:08 +01:00 
						 
				 
			
				
					
						
							
							
								Adam Malinowski 
							
						 
					 
					
						
						
							
						
						37809b891e 
					 
					
						
						
							
							Fixed   #27346  -- Stopped setting the Content-Length header in ConditionalGetMiddleware.  
						
						
						
						
					 
					
						2016-11-05 22:24:54 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						61f9243e51 
					 
					
						
						
							
							Fixed   #27345  -- Stopped setting the Date header in ConditionalGetMiddleware.  
						
						
						
						
					 
					
						2016-10-14 12:48:03 -04:00 
						 
				 
			
				
					
						
							
							
								Kevin Christopher Henry 
							
						 
					 
					
						
						
							
						
						ad332e5ca9 
					 
					
						
						
							
							Refs  #19705  -- Made GZipMiddleware make ETags weak.  
						
						... 
						
						
						
						Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression. 
						
						
					 
					
						2016-10-13 14:22:54 -04:00 
						 
				 
			
				
					
						
							
							
								Denis Cornehl 
							
						 
					 
					
						
						
							
						
						a840710e1e 
					 
					
						
						
							
							Fixed   #26447  -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.  
						
						
						
						
					 
					
						2016-10-10 14:55:59 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						ef021412d5 
					 
					
						
						
							
							Normalized spelling of ETag.  
						
						
						
						
					 
					
						2016-09-09 11:00:21 -04:00 
						 
				 
			
				
					
						
							
							
								Ed Morley 
							
						 
					 
					
						
						
							
						
						3c2447dd13 
					 
					
						
						
							
							Fixed   #26947  -- Added an option to enable the HSTS header preload directive.  
						
						
						
						
					 
					
						2016-08-10 20:23:54 -04:00 
						 
				 
			
				
					
						
							
							
								Ed Morley 
							
						 
					 
					
						
						
							
						
						8c3bc5cd78 
					 
					
						
						
							
							Fixed docs to refer to HSTS includeSubdomains as a directive.  
						
						... 
						
						
						
						The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2  
						
						
					 
					
						2016-08-08 20:20:49 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						9588718cd4 
					 
					
						
						
							
							Fixed   #5897  -- Added the Content-Length response header in CommonMiddleware  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2016-06-27 10:44:57 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						46a38307c2 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.9.  
						
						
						
						
					 
					
						2016-05-20 11:44:29 -04:00 
						 
				 
			
				
					
						
							
							
								Shai Berger 
							
						 
					 
					
						
						
							
						
						5112e65ef2 
					 
					
						
						
							
							Fixed   #20869  -- made CSRF tokens change every request by salt-encrypting them  
						
						... 
						
						
						
						Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews. 
						
						
					 
					
						2016-05-19 05:02:19 +03:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						9baf692a58 
					 
					
						
						
							
							Fixed   #26601  -- Improved middleware per DEP 0005.  
						
						... 
						
						
						
						Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP. 
						
						
					 
					
						2016-05-17 07:22:22 -04:00 
						 
				 
			
				
					
						
							
							
								rowanv 
							
						 
					 
					
						
						
							
						
						a6ef025dfb 
					 
					
						
						
							
							Fixed   #26124  -- Added missing code formatting to docs headers.  
						
						
						
						
					 
					
						2016-02-01 10:42:05 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						54848a96dd 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.8.  
						
						
						
						
					 
					
						2015-09-23 19:31:11 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						849037af36 
					 
					
						
						
							
							Refs  #23957  -- Required session verification per deprecation timeline.  
						
						
						
						
					 
					
						2015-09-23 19:31:10 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						64982cc2fb 
					 
					
						
						
							
							Updated Wikipedia links to use https  
						
						
						
						
					 
					
						2015-08-08 12:02:32 +02:00 
						 
				 
			
				
					
						
							
							
								jorgecarleitao 
							
						 
					 
					
						
						
							
						
						7c642cafbb 
					 
					
						
						
							
							Fixed typo in docs/ref/middleware.txt  
						
						
						
						
					 
					
						2015-07-27 07:15:49 -04:00 
						 
				 
			
				
					
						
							
							
								Jan Pazdziora 
							
						 
					 
					
						
						
							
						
						a570701e02 
					 
					
						
						
							
							Fixed   #25029  -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.  
						
						
						
						
					 
					
						2015-07-02 17:38:10 -04:00 
						 
				 
			
				
					
						
							
							
								Marissa Zhou 
							
						 
					 
					
						
						
							
						
						8b1f39a727 
					 
					
						
						
							
							Fixed   #24796  -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.  
						
						... 
						
						
						
						Also moved it in the project template. 
						
						
					 
					
						2015-06-08 12:32:38 -04:00 
						 
				 
			
				
					
						
							
							
								Dave Hodder 
							
						 
					 
					
						
						
							
						
						08c980d752 
					 
					
						
						
							
							Updated capitalization in the word "JavaScript" for consistency  
						
						
						
						
					 
					
						2015-05-01 13:26:42 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						c79faae761 
					 
					
						
						
							
							Removed versionadded/changed notes for 1.7.  
						
						
						
						
					 
					
						2015-02-01 21:02:40 -05:00 
						 
				 
			
				
					
						
							
							
								Berker Peksag 
							
						 
					 
					
						
						
							
						
						df0523debc 
					 
					
						
						
							
							Fixed   #23531  -- Added CommonMiddleware.response_redirect_class.  
						
						
						
						
					 
					
						2014-11-04 17:56:57 -05:00 
						 
				 
			
				
					
						
							
							
								Thomas Chaumeny 
							
						 
					 
					
						
						
							
						
						d3db878e4b 
					 
					
						
						
							
							Moved CSRF docs out of contrib.  
						
						
						
						
					 
					
						2014-11-03 07:47:39 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						52ef6a4726 
					 
					
						
						
							
							Fixed   #17101  -- Integrated django-secure and added check --deploy option  
						
						... 
						
						
						
						Thanks Carl Meyer for django-secure and for reviewing.
Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews. 
						
						
					 
					
						2014-09-12 15:05:23 -04:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						0b5bafe993 
					 
					
						
						
							
							Removed reference to old middleware  
						
						
						
						
					 
					
						2014-06-30 20:36:18 +02:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						df09d85482 
					 
					
						
						
							
							Fixed   #17552  -- Removed a hack for IE6 and earlier.  
						
						... 
						
						
						
						It prevented the GZipMiddleware from compressing some data types even on
more recent version of IE where the corresponding bug was fixed.
Thanks Aaron Cannon for the report and Tim Graham for the review. 
						
						
					 
					
						2014-06-10 08:42:31 +02:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						756c390fb5 
					 
					
						
						
							
							Fixed   #20816  -- Added hints about Django middleware ordering  
						
						... 
						
						
						
						Thanks gthb Trac user for the report, kolypto StackOverflow
user for the initial list and Tim Graham for the review. 
						
						
					 
					
						2014-05-22 18:33:10 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						465980d070 
					 
					
						
						
							
							Added RemoteUserMiddleware to middleware reference page.  
						
						
						
						
					 
					
						2014-04-16 07:22:15 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						fd23c06023 
					 
					
						
						
							
							Fixed   #21649  -- Added optional invalidation of sessions when user password changes.  
						
						... 
						
						
						
						Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. 
						
						
					 
					
						2014-04-05 12:50:51 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						51c8045145 
					 
					
						
						
							
							Removed versionadded/changed annotations for 1.6.  
						
						
						
						
					 
					
						2014-03-24 11:42:56 -04:00 
						 
				 
			
				
					
						
							
							
								Thomas Schreiber 
							
						 
					 
					
						
						
							
						
						907ac64641 
					 
					
						
						
							
							Fixed typos in docs (django.contrib.site)  
						
						
						
						
					 
					
						2014-03-21 19:56:31 +01:00 
						 
				 
			
				
					
						
							
							
								Rodolfo Carvalho 
							
						 
					 
					
						
						
							
						
						2b6436e2d5 
					 
					
						
						
							
							Fixed some typos and formatting issues in docs.  
						
						
						
						
					 
					
						2014-03-03 08:37:17 -05:00 
						 
				 
			
				
					
						
							
							
								Christopher Medrela 
							
						 
					 
					
						
						
							
						
						b22d6c47a7 
					 
					
						
						
							
							Fixed   #17005  -- Added CurrentSiteMiddleware to set the current site on each request.  
						
						... 
						
						
						
						Thanks jordan at aace.org for the suggestion. 
						
						
					 
					
						2014-02-06 04:45:49 -05:00 
						 
				 
			
				
					
						
							
							
								Emil Stenström 
							
						 
					 
					
						
						
							
						
						7a97df190c 
					 
					
						
						
							
							Fixed   #19277  -- Added LocaleMiddleware.response_redirect_class  
						
						... 
						
						
						
						Thanks ppetrid at yawd.eu for the suggestion. 
						
						
					 
					
						2013-10-03 16:15:29 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						da843e7dba 
					 
					
						
						
							
							Fixed   #20887  -- Added a warning to GzipMiddleware in light of BREACH.  
						
						... 
						
						
						
						Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text. 
						
						
					 
					
						2013-09-11 08:17:15 -04:00 
						 
				 
			
				
					
						
							
							
								Brenton Cleeland 
							
						 
					 
					
						
						
							
						
						dab52d99fc 
					 
					
						
						
							
							Fixed   #20792  -- Corrected DISALLOWED_USER_AGENTS docs.  
						
						... 
						
						
						
						Thanks simonb for the report. 
						
						
					 
					
						2013-07-25 07:38:14 -04:00 
						 
				 
			
				
					
						
							
							
								Łukasz Langa 
							
						 
					 
					
						
						
							
						
						660762681c 
					 
					
						
						
							
							Fixed   #20126  -- XViewMiddleware moved to django.contrib.admindocs.middleware  
						
						
						
						
					 
					
						2013-05-19 13:18:35 +02:00 
						 
				 
			
				
					
						
							
							
								Juan Catalano 
							
						 
					 
					
						
						
							
						
						78c842a323 
					 
					
						
						
							
							Adapted uses of versionchanged/versionadded to the new form.  
						
						... 
						
						
						
						Refs #20104 . 
						
						
					 
					
						2013-04-20 17:18:35 +02:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						ac37ed21b3 
					 
					
						
						
							
							Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.  
						
						... 
						
						
						
						Replaced them with per-database options, for proper multi-db support.
Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience. 
						
						
					 
					
						2013-03-11 15:04:05 +01:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						50a985b09b 
					 
					
						
						
							
							Fixed   #19099  -- Split broken link emails out of common middleware.  
						
						
						
						
					 
					
						2013-01-15 17:41:45 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						9b5f64cc6e 
					 
					
						
						
							
							Fixed   #19516  - Fixed remaining broken links.  
						
						... 
						
						
						
						Added -n to sphinx builds to catch issues going forward. 
						
						
					 
					
						2013-01-02 18:32:57 -05:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						7ee7599ab3 
					 
					
						
						
							
							Removed versionadded/changed annotations dating back to 1.4.  
						
						
						
						
					 
					
						2012-12-29 21:59:08 +01:00 
						 
				 
			
				
					
						
							
							
								Preston Holmes 
							
						 
					 
					
						
						
							
						
						11ded967c4 
					 
					
						
						
							
							Fixed   #19498  -- refactored auth documentation  
						
						... 
						
						
						
						The auth doc was a single page which had grown unwieldy.
This refactor split and grouped the content into sub-topics.
Additional corrections and cleanups were made along the way. 
						
						
					 
					
						2012-12-28 11:06:12 -08:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						3e0857041b 
					 
					
						
						
							
							Fixed   #18473  - Fixed a suggestion that GZipMiddleware needs to be first in the list of middleware.  
						
						
						
						
					 
					
						2012-10-17 15:46:59 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						2d1214d92a 
					 
					
						
						
							
							Fixed   #14165  - Documented that TransactionMiddleware only applies to the default database.  
						
						
						
						
					 
					
						2012-10-11 17:47:37 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						07d70e9b26 
					 
					
						
						
							
							Fixed   #18656  -- Fixed LocaleMiddleware link; thanks mitar for the report.  
						
						
						
						
					 
					
						2012-07-28 13:31:41 -04:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						c28e700c7e 
					 
					
						
						
							
							Removed references to changes made in 1.2.  
						
						... 
						
						
						
						Thanks Florian Apolloner for the patch. 
						
						
					 
					
						2012-06-07 15:02:35 +02:00 
						 
				 
			
				
					
						
							
							
								Adrian Holovaty 
							
						 
					 
					
						
						
							
						
						6ecadcbdd2 
					 
					
						
						
							
							Made a bunch more edits up until [17418]  
						
						... 
						
						
						
						git-svn-id: http://code.djangoproject.com/svn/django/trunk@17428  bcc190cf-cafb-0310-a4f2-bffc1f526a37 
						
						
					 
					
						2012-02-03 20:45:45 +00:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						4288c8831b 
					 
					
						
						
							
							Fixed   #10762 ,  #17514  -- Prevented the GZip middleware from returning a response longer than the original content, allowed compression of non-200 responses, and added tests (there were none). Thanks cannona for the initial patch.  
						
						... 
						
						
						
						git-svn-id: http://code.djangoproject.com/svn/django/trunk@17365  bcc190cf-cafb-0310-a4f2-bffc1f526a37 
						
						
					 
					
						2012-01-09 21:42:03 +00:00