Manually reformatted some long docstrings and comments that would be
damaged by the to-be-applied autofixer script, in cases where editorial
judgment seemed necessary for style or wording changes.
When looking for cached values in ManyRelatedManager and
ForwardManyToOneDescriptor walk up the whole chain of ancestors
(as long as they are cached) to find the prefetched relation.
Reordered the keyword-only EmailMessage parameters in the documentation
to group similar options together and move rarely used options later.
Used keywords for *all* parameters in EmailMessage examples to improve
clarity.
In public mail APIs, changed less frequently used parameters from
keyword-or-positional to keyword-only, emitting a warning during the
required deprecation period.
Updated mail tests in preparation for migrating from Python's legacy
to modern email API. The updated tests will pass with either Python API,
and focus on desired outcomes (e.g., that a message with non-ASCII
content parses accurately at the receiving end) rather than specific
implementation details (e.g., where rfc2047 encoded-words are split).
In a few cases that are still implementation dependent, added comments
identifying behavior specific to the legacy email API and expected to
change under the modern one.
Added comments identifying tests that cover internal functions planned
for deprecation, and (where meaningful) added similar tests to verify
the equivalent behavior in non-deprecated features.
Removed obsolete tests left over from Python 2.
Follow up to bd3b1dfa2422e02ced3a894adb7544e42540c97d.
Introduced in 2ae3044d9d4dfb8371055513e440e0384f211963.
Fixes DeprecationWarning:
'asyncio.iscoroutinefunction' is deprecated and slated for removal
in Python 3.16; use inspect.iscoroutinefunction() instead.
This change reuses the existing sorting of `hashed_files` in
`ManifestStaticFilesStorage.save_manifest` to also store a sorted
`paths` mapping in the manifest file. This ensures stable manifest
output that does not change unnecessarily.
Ensured the test for formatter subprocess FileNotFoundError doesn't rely
on platform-specific behavior, improving reliability on macOS and other
systems by consistently using pathlib to build test paths.
When native support for tuple lookups is missing in a DB backend, it can
be emulated with an EXISTS clause. This is controlled by the backend
feature flag "supports_tuple_lookups".
The mishandling of subquery right-hand side in `TupleIn` (added to
support `CompositePrimaryKey` in Refs #373) was likely missed because
the only core backend we test with the feature flag disabled
(Oracle < 23.4) supports it natively.
Thanks to Nandana Raol for the report, and to Sarah Boyce, Jacob Walls,
and Natalia Bidart for reviews.
Replaced the custom CSP middleware previously used in the admin's
AdminSeleniumTestCase with the official ContentSecurityPolicyMiddleware.
This change ensures alignment with Django's built-in CSP support.
Also updates the test logic to inspect browser console logs to assert
that no CSP violations are triggered during Selenium admin tests.
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
