1
0
mirror of https://github.com/django/django.git synced 2024-12-27 11:35:53 +00:00
Commit Graph

62 Commits

Author SHA1 Message Date
Tim Graham
e376558ed2 Fixed #16936 - Updated javascript for CSRF protection.
Thanks Idan Gazit for the patch.
2012-09-01 06:03:01 -04:00
Aymeric Augustin
c28e700c7e Removed references to changes made in 1.2.
Thanks Florian Apolloner for the patch.
2012-06-07 15:02:35 +02:00
Aymeric Augustin
17f3e9258e Fixed #18397 -- Avoided referencing lawrence.com.
This commit includes multiple small related changes, see the ticket
for a full discussion.
2012-06-07 11:50:20 +02:00
Carl Meyer
8cadf1d79a Fixed #17790 - Made the Ajax CSRF jQuery example work with jQuery in compatibility mode, too. Thanks Jonathan Hayward for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 16:06:11 +00:00
Luke Plant
0447cc1231 Added versionadded info for ensure_csrf_cookie decorator
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-27 14:40:36 +00:00
Luke Plant
59b2439e7e Fixed ReST typo in CSRF docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-27 14:40:27 +00:00
Adrian Holovaty
937213c2c3 Edited csrf.txt changes from [17299]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 20:36:54 +00:00
Aymeric Augustin
39201d8fe5 Fixed #16704 -- Documented how to insert the CSRF token outside of Django's own template engine. Thanks paulcwatts and bpeschier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 14:55:44 +00:00
Timo Graham
c29e089000 Fixed #17105 - Typos in docs/ref/contrib/csrf.txt; thanks googol for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17109 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-19 10:53:26 +00:00
Luke Plant
d1e5c55258 Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Ramiro Morales
932b1b8d6d Converted links to external topics so they use intersphinx extension markup.
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Jannis Leidel
566b3295fa Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Timo Graham
f3bf62230a Fixed #16606 - Typo in docs/ref/contrib/csrf.txt; thanks selwin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:25:57 +00:00
Brian Rosner
99cd76e273 Added a note about the AJAX CSRF example not working on jQuery 1.5
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-14 18:36:05 +00:00
Carl Meyer
0e03a504bf Refs #15855 -- Recommended the csrf_protect decorator rather than vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 16:18:40 +00:00
Luke Plant
528157ce73 Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 15:14:36 +00:00
Ramiro Morales
50ad59527c Tweaked some render_to_response links in the documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16255 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 18:36:01 +00:00
Simon Meers
5ecb88c146 Fixed #16014 -- numerous documentation typos -- thanks psmith.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-13 04:33:42 +00:00
Luke Plant
396bc58889 Updated AJAX example code in CSRF docs to be consistent regarding what are safe HTTP methods
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:46:02 +00:00
Luke Plant
cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant
8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
a75120927e Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:10 +00:00
Luke Plant
d3641d889b Clarified wording about use of 2 decorators in CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:02 +00:00
Luke Plant
bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Luke Plant
e9342e9b32 Fixed #15469 - CSRF token is inserted on GET requests
Thanks to goran for report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:57 +00:00
Luke Plant
7c648ea4aa Mentioned simplification of AJAX example code in CSRF docs.
Refs #15469. Thanks to aaugustin for the suggestion

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:49 +00:00
Luke Plant
5df93d529d Documented the edge case of needing a view that is partly CSRF protected
Refs #15518.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:52 +00:00
Luke Plant
b5da093fa9 In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:45 +00:00
Luke Plant
eadcbcb131 Fixed #15518 - documented requires_csrf_token
Thanks to vzima for a report that raised the issue.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:36 +00:00
Luke Plant
1d350a6c51 Changed an example in CSRF docs to use new 'render' shortcut
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:28 +00:00
Luke Plant
ae1866ddef Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 15:40:01 +00:00
Luke Plant
96520e87bd Corrected factual error regarding logging in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 11:39:10 +00:00
Luke Plant
8823021625 Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:26 +00:00
Luke Plant
37343bac8a Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:27:58 +00:00
Luke Plant
d068a04244 Fixed #15284 - improved example jQuery code for adding X-CSRF-Token
Using the ajaxSend event is better than beforeSend, because the beforeSend
callback can have only one value, which makes it painful if it is needed by
multiple bits of javascript.

Thanks to LukeMaurer for report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15515 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 23:37:35 +00:00
Alex Gaynor
208630aa4b Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:06:27 +00:00
Timo Graham
2ea93f9327 Fixed #14000 - remove versionadded/changed tags for Django 1.0 and 1.1
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-26 00:37:14 +00:00
Russell Keith-Magee
8ce4a1991a Fixed #14116 -- Added a flag to enable CSRF checks in the test client. Thanks to jon@licq.org for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-27 13:54:13 +00:00
Jacob Kaplan-Moss
728effcfbd Fixed #14141: docs now use the :doc: construct for links between documents.
Thanks, Ramiro Morales.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13608 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-19 19:27:44 +00:00
Luke Plant
9f592ecced Fixed #12964 - wrong path for CSRF decorators in upgrading notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-27 21:00:38 +00:00
Luke Plant
be57541af1 Fixed #12839 - noted change of import path for csrf_exempt decorator
Thanks rubic for the report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12407 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-10 23:51:09 +00:00
Luke Plant
48edb177ed Fixed #12053 - form examples don't validate according to w3c
Thanks to skyl for the report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12086 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-04 21:55:52 +00:00
Luke Plant
20c7e646ff Added notes to "Features deprecated in 1.2" about CSRF and SMTPConnection
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11788 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-03 14:48:47 +00:00
Russell Keith-Magee
cf169d9e12 Cleaned up the release notes index page, and added some stub 1.1.2 and 1.2 release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-23 13:44:24 +00:00
Luke Plant
53b2c3867b Fixed #12130 - documented need for csrf_protect on views that don't accept POST
Includes:
   
 * proper documentation for csrf_protect
 * notes in comments app.
 * specific upgrade notes for comments app

Thanks to carljm for report and debugging.




git-svn-id: http://code.djangoproject.com/svn/django/trunk@11711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 14:40:37 +00:00
Luke Plant
5a0aab41ee Allow CsrfResponseMiddleware to be used if templates cannot be updated.
For the case where someone is using contrib views with custom templates that
they cannot update to use the template tag, it should be possible to use
CsrfResponseMiddleware.  This requires that 'csrf_response_exempt' is not
used for the admin views.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 00:17:29 +00:00
Luke Plant
e6f0c10e77 Fixed typo in docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:26:54 +00:00
Luke Plant
9dc9770736 Documented the presence of {% csrf_token %} in Django 1.1.2 in trunk docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:52:25 +00:00
Luke Plant
b32a187296 Fixed some typos
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11668 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 13:13:40 +00:00