Andreas Pelme
ab7a85ac29
Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware.
2022-12-17 08:46:37 +01:00
Mariusz Felisiak
514884e9a5
Updated various links to HTTPS and new locations.
2022-12-06 05:59:43 +01:00
Nick Pope
9bd174b9a7
Updated documentation and comments for RFC updates.
...
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Carlton Gibson
ca1c3151c3
Removed versionadded/changed annotations for 4.0.
2022-05-17 14:22:06 +02:00
tommcn
8e63390640
Corrected CSRF reference in middleware docs.
2022-03-17 06:03:10 +01:00
Mariusz Felisiak
97237ad3fe
Removed versionadded/changed annotations for 3.2.
2021-09-20 21:23:01 +02:00
David Smith
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
Nick Pope
c156e36955
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
2021-05-17 09:46:09 +02:00
Tim Graham
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
bankc
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Carlton Gibson
ad11f5b8c9
Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.
2020-10-22 14:15:19 +02:00
Mariusz Felisiak
4c5236ef93
Removed versionadded/changed annotations for 3.0.
2020-05-13 09:07:51 +02:00
Min ho Kim
103a6f4307
Fixed some typos in comments and docs.
...
Thanks to Mads Jenson for review.
2019-10-02 15:50:46 +02:00
Mar Sánchez
f1d4a540b2
Refs #15396 -- Mentioned full path to GZipMiddleware in documentation.
2019-10-02 14:39:01 +02:00
Carlton Gibson
9446950470
Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware.
2019-10-02 13:11:03 +02:00
Nick Pope
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Nick Pope
fc62e16291
Standardized links for headers in security middleware documentation.
2019-09-09 13:35:17 +02:00
Mariusz Felisiak
5ab75adb90
Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
2019-06-03 14:08:51 +02:00
Carlton Gibson
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00
Daniel Musketa
ca2856fb62
Fixed typo in docs/ref/middleware.txt.
2018-11-14 09:47:22 -05:00
Daniel Hepper
a6fb5b1fe0
Remove documenation for non-existent middleware ( #9998 )
...
The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb8
. It was removed in 7d1b69dbe7
, but the documentation remained.
2018-05-27 16:08:50 +02:00
Mariusz Felisiak
7c81b28ebc
Updated various links in docs to use HTTPS.
2018-01-07 14:28:41 +01:00
Tim Graham
bc95314ca6
Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length.
2017-11-14 12:01:24 -05:00
Tim Graham
8f8a4d10d3
Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
...
Follow up to 48d57788ee
.
2017-11-11 20:45:17 -05:00
Tim Graham
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Claude Paroz
01f658644a
Updated various links in docs to avoid redirects
...
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-05-22 19:28:44 +02:00
Tim Graham
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
Raphael Michel
ddf169cdac
Refs #16859 -- Allowed storing CSRF tokens in sessions.
...
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Tim Graham
7301770254
Fixed typo in docs/ref/middleware.txt.
2016-11-06 13:22:08 +01:00
Adam Malinowski
37809b891e
Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
2016-11-05 22:24:54 +01:00
Tim Graham
61f9243e51
Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
ad332e5ca9
Refs #19705 -- Made GZipMiddleware make ETags weak.
...
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Denis Cornehl
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
Tim Graham
ef021412d5
Normalized spelling of ETag.
2016-09-09 11:00:21 -04:00
Ed Morley
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
...
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
Claude Paroz
9588718cd4
Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
...
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Tim Graham
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
Shai Berger
5112e65ef2
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
...
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
rowanv
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
Tim Graham
54848a96dd
Removed versionadded/changed annotations for 1.8.
2015-09-23 19:31:11 -04:00
Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
Claude Paroz
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00
jorgecarleitao
7c642cafbb
Fixed typo in docs/ref/middleware.txt
2015-07-27 07:15:49 -04:00
Jan Pazdziora
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
Marissa Zhou
8b1f39a727
Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
...
Also moved it in the project template.
2015-06-08 12:32:38 -04:00
Dave Hodder
08c980d752
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00
Tim Graham
c79faae761
Removed versionadded/changed notes for 1.7.
2015-02-01 21:02:40 -05:00