Tim Graham
2e7ba6057c
Refs #28741 -- Doc'd SESSION_COOKIE_DOMAIN requirement with CSRF_USE_SESSIONS.
...
Similar considerations as refs #32065 , again adding some nuance to
afd375fc34
.
2021-01-04 07:49:30 +01:00
Carlton Gibson
0ed6f3ba4b
Corrected formatting in settings docs.
2020-12-15 12:08:45 +01:00
Tom Forbes
b5e12d490a
Fixed #31007 -- Allowed specifying type of auto-created primary keys.
...
This also changes the default type of auto-created primary keys
for new apps and projects to BigAutoField.
2020-12-15 11:25:46 +01:00
Mariusz Felisiak
5ce31d6a71
Fixed #32193 -- Deprecated MemcachedCache.
2020-12-09 21:27:32 +01:00
Nikita Sobolev
42f3fafdfa
Updated {% static %} tag examples in docs to use single quotes where appropriate.
2020-11-02 10:34:24 +01:00
Carlton Gibson
3d4ffd1ff0
Fixed #32065 -- Restored leading dot to CSRF_COOKIE_DOMAIN examples.
...
Partially reverts afd375fc34
.
Thanks to Tim Graham for review.
2020-10-07 10:03:10 +02:00
Mariusz Felisiak
77caeaea88
Fixed #32012 -- Made test database creation sync apps models when migrations are disabled.
...
Thanks Jaap Roes for the report.
2020-09-23 10:54:04 +02:00
Nick Pope
b4d46df5ca
Fixed #29887 -- Added a cache backend for pymemcache.
2020-09-16 09:40:30 +02:00
Hasan Ramezani
70731fc6fe
Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers.
2020-08-31 10:57:41 +02:00
Mariusz Felisiak
d907371ef9
Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
...
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
Harpreet Sharma
248d03fbe9
Fixed #31821 -- Removed outdated note in FILE_UPLOAD_PERMISSIONS docs.
...
Follow up to 22aab8662f
2020-07-23 20:36:52 +02:00
Buk Bukowski
f65454801b
Fixed #31814 -- Fixed typo in docs/ref/settings.txt.
2020-07-22 22:38:27 +02:00
Adam Johnson
80f92177eb
Improved description of USE_THOUSAND_SEPARATOR setting.
2020-07-20 12:54:55 +02:00
Hasan Ramezani
a16080810b
Fixed #31696 -- Updated OWASP links in docs.
2020-06-15 09:44:08 +02:00
René Fleschenberg
f24b59267b
Refs #23097 -- Used new octal format in FILE_UPLOAD_PERMISSIONS docs.
2020-05-25 20:43:31 +02:00
Hasan Ramezani
643207efae
Fixed #31608 -- Doc'd that form ISO 8601 datetime parsing always retains tzinfo.
2020-05-21 20:45:39 +02:00
Mariusz Felisiak
4c5236ef93
Removed versionadded/changed annotations for 3.0.
2020-05-13 09:07:51 +02:00
Chris Burchhardt
d2b9a9fdbb
Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS docs.
...
Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT
docs and incorrect "minimum" phrase.
2020-05-05 08:19:25 +02:00
Mariusz Felisiak
b28be08cac
Fixed broken links in docs.
2020-04-28 10:09:45 +02:00
Hasan Ramezani
bec4dea844
Fixed #31400 -- Doc'd the expected type of CONN_MAX_AGE database option.
2020-03-27 06:32:42 +01:00
Adam Johnson
72b97a5b1e
Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'.
2020-02-05 14:39:01 +01:00
Abhijeet
a45c8d7ad0
Fixed #31126 -- Doc'd STATICFILES_DIRS namespacing in static files how-to.
2020-01-29 10:34:34 +01:00
Pavel Lysak
13e4abf83e
Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.
2020-01-16 15:25:49 +01:00
Claude Paroz
188b003014
Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default input formats.
2020-01-07 11:08:40 +01:00
Osaetin Daniel
b33bfc3839
Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.
...
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-12 10:52:31 +01:00
Gordon Pendleton
adb9661789
Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True.
2019-12-05 09:44:45 +01:00
Aymeric Augustin
c06492dd87
Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL.
2019-12-04 18:22:08 +01:00
Baptiste Mispelon
ff1b19da67
Fixed #31029 -- Used more specific links to RFCs.
2019-11-27 20:54:38 +01:00
Jon Dufresne
a69c4d626a
Refs #25388 -- Corrected value of TEST MIGRATE setting in MIGRATION_MODULES docs.
2019-11-25 08:42:35 +01:00
Jon Dufresne
f5ebdfce5c
Fixed #25388 -- Added an option to allow disabling of migrations during test database creation.
2019-11-20 20:42:38 +01:00
Jon Dufresne
fbbff7f808
Refs #29983 -- Added pathlib.Path support to the file email backend.
2019-11-06 09:33:07 +01:00
Jon Dufresne
c8debd5061
Added a link to the file email backend from EMAIL_FILE_PATH setting.
2019-11-06 08:24:49 +01:00
René Fleschenberg
d232fd76a8
Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.
2019-10-11 15:30:33 +02:00
Oleg Kainov
c574bec092
Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
...
Thanks Florian Apolloner for reviews.
Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
Mariusz Felisiak
28e769dfe6
Fixed typo in docs/ref/settings.txt.
2019-09-23 08:17:58 +02:00
Luke Plant
45304e444e
Refs #28622 -- Clarified security implications of PASSWORD_RESET_TIMEOUT.
2019-09-20 13:53:01 +02:00
Hasan Ramezani
226ebb1729
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-20 13:52:04 +02:00
Ben Falk
4056558a1c
Fixed typos in docs/ref/settings.txt.
2019-09-13 20:36:35 +02:00
Mariusz Felisiak
3d716467a9
Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline.
2019-09-10 12:01:00 +02:00
Mariusz Felisiak
416c584cab
Removed versionadded/changed annotations for 2.2.
2019-09-10 12:01:00 +02:00
Nick Pope
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz
05d0eca635
Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.
2019-09-09 08:15:26 +02:00
Tobias Kunze
4a954cfd11
Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
...
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:
- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous
Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
Claude Paroz
0468159763
Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.
2019-08-18 13:17:49 +02:00
Adnan Umer
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
Carlton Gibson
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mykola Nicholas
f3a03d5b61
Changed charset and collation link to MySQL docs.
2019-06-11 11:16:27 +02:00
Mariusz Felisiak
b6c4766f53
Refs #29548 -- Updated docs for MariaDB support.
2019-05-27 19:59:49 +02:00
Matthias Kestenholz
80482e9249
Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.
...
This partly reverts commit 4400d8296d
.
2019-04-24 10:54:03 +02:00
Ran Benita
19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies.
2019-04-08 11:26:06 +02:00
Mariusz Felisiak
4cbe2b06ce
Fixed typo in docs/ref/settings.txt.
2019-04-02 09:10:11 +02:00
Nick Pope
198a2a9381
Removed unnecessary /static from links to PostgreSQL docs.
2019-03-29 21:49:44 -04:00
Tim Graham
879cc3da62
Moved extlinks in docs config to allow using 'version' variable.
...
After a stable branch is created, 'master' will change to
'stable/' + version + '.x'.
2019-03-28 20:47:51 -04:00
Tim Graham
a68c029e22
Used extlinks for Django's source code.
2019-03-28 20:32:17 -04:00
Nick Pope
07daa487ae
Refs #1660 -- Doc'd the LANGUAGES_BIDI setting.
2019-03-28 20:04:24 +01:00
Nick Pope
398afba084
Updated spelling and RFCs in HttpOnly cookie flag docs.
2019-03-27 10:09:23 -04:00
Himanshu Lakhara
22aab8662f
Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644.
2019-02-08 14:53:15 -05:00
Aymeric Augustin
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
Tim Graham
b709d70130
Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs.
2019-02-05 19:45:29 -05:00
Carlton Gibson
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00
Tim Graham
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
Tim Graham
ec7e179aeb
Removed versionadded/changed annotations for 2.1.
2019-01-17 10:50:25 -05:00
Tim Graham
4c7c608a1d
Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
...
This reverts commits b3b1d3d45f
and
9fa0d3786f
due to reverse build failures
for which a solution isn't forthcoming.
2018-12-05 15:30:23 -05:00
Mariusz Felisiak
ff8020ed49
Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces.
2018-11-13 18:22:41 -05:00
romgar
b3b1d3d45f
Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
...
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
Mayank Singhal
76b3367035
Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs.
2018-10-25 11:39:52 -04:00
Jon Dufresne
0cd465b63a
Fixed #29817 -- Deprecated settings.FILE_CHARSET.
2018-10-15 17:15:41 -04:00
Kate Berry
b8b1d8cad6
Improved tone in docs/ref/settings.txt.
2018-10-04 11:35:19 -04:00
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Jon Dufresne
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
Claude Paroz
e8531cc89c
Prevented unexpected link in settings docs
2018-06-10 15:11:39 +02:00
Tim Graham
5cc81cd9eb
Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
...
This reverts commit b3cffde555
due to
a regression and performance concerns.
2018-05-26 21:06:58 -04:00
Tim Graham
7543ab1f8d
Removed versionadded/changed annotations for 2.0.
2018-05-17 11:00:10 -04:00
Jon Dufresne
b3cffde555
Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set.
2018-04-17 13:02:05 -04:00
Alex Gaynor
9a56b4b13e
Fixed #27863 -- Added support for the SameSite cookie flag.
...
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham
5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.
2018-02-26 09:05:18 -05:00
Ashaba
95fd5cf459
Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs.
2018-01-24 13:38:15 -05:00
Frédéric Massart
a5f1e5809f
Clarified who the AdminEmailHandler emails.
2017-11-21 11:49:15 -05:00
Дилян Палаузов
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
Tim Graham
afd375fc34
Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples.
2017-11-01 10:57:59 -04:00
Tim Graham
0edff2107f
Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS.
2017-10-12 14:58:18 -04:00
Jon Ribbens
44f08422c8
Fixed #28625 -- Distinguished DATABASES['TIME_ZONE'] from settings.TIME_ZONE.
2017-09-28 09:42:08 -04:00
Tim Graham
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
c7d58c6f43
Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD.
2017-07-25 15:12:50 -04:00
Laura
e58c87cb70
Fixed #28336 -- Fixed typo in docs/ref/settings.txt.
2017-06-27 21:41:10 -04:00
Mariusz Felisiak
516b7664dc
Fixed #28260 -- Allowed customizing the test tablespace initial and autoextend size on Oracle.
...
Thanks Tim Graham for the review.
2017-06-02 18:35:56 +02:00
François Freitag
88336fdbb5
Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
...
When a connection pooler is set up in transaction pooling mode, queries
relying on server-side cursors fail. The DISABLE_SERVER_SIDE_CURSORS
setting in DATABASES disables server-side cursors for this use case.
2017-05-06 06:59:04 -04:00
Mariusz Felisiak
a3af8c99d9
Removed extra characters in docs header underlines.
2017-03-20 18:30:32 -04:00
Tim Graham
c577d8a498
Described DEBUG_PROPAGATE_EXCEPTIONS behavior in more detail.
2017-03-09 12:18:17 -05:00
Tim Graham
80493b0871
Fixed #27829 -- Deprecated settings.DEFAULT_CONTENT_TYPE.
2017-02-16 07:59:44 -05:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
Tim Graham
d334f46b7a
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
2017-01-17 20:52:04 -05:00
Tim Graham
9e734875fe
Fixed #24994 -- Documented the expected type of settings.SECRET_KEY.
2016-12-28 07:36:37 -05:00
Preston Timmons
b52c73008a
Fixed #15667 -- Added template-based widget rendering.
...
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
Tim Graham
c27104a9c7
Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.
2016-12-19 17:56:58 -05:00
Raphael Michel
ddf169cdac
Refs #16859 -- Allowed storing CSRF tokens in sessions.
...
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Ian Lee
501c993010
Fixed typo in docs/ref/settings.txt.
2016-11-11 07:01:48 -05:00
Tim Graham
7fe2d8d940
Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
...
This is a security fix.
2016-11-01 09:30:57 -04:00