1
0
mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00
Commit Graph

62 Commits

Author SHA1 Message Date
Ed Morley
233ec837f6 [1.10.x] Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2

Backport of 8c3bc5cd78 from master
2016-08-08 20:22:09 -04:00
Shai Berger
5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
rowanv
a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Tim Graham
54848a96dd Removed versionadded/changed annotations for 1.8. 2015-09-23 19:31:11 -04:00
Tim Graham
849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Claude Paroz
64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
jorgecarleitao
7c642cafbb Fixed typo in docs/ref/middleware.txt 2015-07-27 07:15:49 -04:00
Jan Pazdziora
a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Marissa Zhou
8b1f39a727 Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
Also moved it in the project template.
2015-06-08 12:32:38 -04:00
Dave Hodder
08c980d752 Updated capitalization in the word "JavaScript" for consistency 2015-05-01 13:26:42 -04:00
Tim Graham
c79faae761 Removed versionadded/changed notes for 1.7. 2015-02-01 21:02:40 -05:00
Berker Peksag
df0523debc Fixed #23531 -- Added CommonMiddleware.response_redirect_class. 2014-11-04 17:56:57 -05:00
Thomas Chaumeny
d3db878e4b Moved CSRF docs out of contrib. 2014-11-03 07:47:39 -05:00
Tim Graham
52ef6a4726 Fixed #17101 -- Integrated django-secure and added check --deploy option
Thanks Carl Meyer for django-secure and for reviewing.

Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
2014-09-12 15:05:23 -04:00
Claude Paroz
0b5bafe993 Removed reference to old middleware 2014-06-30 20:36:18 +02:00
Aymeric Augustin
df09d85482 Fixed #17552 -- Removed a hack for IE6 and earlier.
It prevented the GZipMiddleware from compressing some data types even on
more recent version of IE where the corresponding bug was fixed.

Thanks Aaron Cannon for the report and Tim Graham for the review.
2014-06-10 08:42:31 +02:00
Claude Paroz
756c390fb5 Fixed #20816 -- Added hints about Django middleware ordering
Thanks gthb Trac user for the report, kolypto StackOverflow
user for the initial list and Tim Graham for the review.
2014-05-22 18:33:10 +02:00
Tim Graham
465980d070 Added RemoteUserMiddleware to middleware reference page. 2014-04-16 07:22:15 -04:00
Tim Graham
fd23c06023 Fixed #21649 -- Added optional invalidation of sessions when user password changes.
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-04-05 12:50:51 -04:00
Tim Graham
51c8045145 Removed versionadded/changed annotations for 1.6. 2014-03-24 11:42:56 -04:00
Thomas Schreiber
907ac64641 Fixed typos in docs (django.contrib.site) 2014-03-21 19:56:31 +01:00
Rodolfo Carvalho
2b6436e2d5 Fixed some typos and formatting issues in docs. 2014-03-03 08:37:17 -05:00
Christopher Medrela
b22d6c47a7 Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each request.
Thanks jordan at aace.org for the suggestion.
2014-02-06 04:45:49 -05:00
Emil Stenström
7a97df190c Fixed #19277 -- Added LocaleMiddleware.response_redirect_class
Thanks ppetrid at yawd.eu for the suggestion.
2013-10-03 16:15:29 -04:00
Tim Graham
da843e7dba Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.
2013-09-11 08:17:15 -04:00
Brenton Cleeland
dab52d99fc Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.
Thanks simonb for the report.
2013-07-25 07:38:14 -04:00
Łukasz Langa
660762681c Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middleware 2013-05-19 13:18:35 +02:00
Juan Catalano
78c842a323 Adapted uses of versionchanged/versionadded to the new form.
Refs #20104.
2013-04-20 17:18:35 +02:00
Aymeric Augustin
ac37ed21b3 Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
Replaced them with per-database options, for proper multi-db support.

Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
Aymeric Augustin
50a985b09b Fixed #19099 -- Split broken link emails out of common middleware. 2013-01-15 17:41:45 +01:00
Tim Graham
9b5f64cc6e Fixed #19516 - Fixed remaining broken links.
Added -n to sphinx builds to catch issues going forward.
2013-01-02 18:32:57 -05:00
Aymeric Augustin
7ee7599ab3 Removed versionadded/changed annotations dating back to 1.4. 2012-12-29 21:59:08 +01:00
Preston Holmes
11ded967c4 Fixed #19498 -- refactored auth documentation
The auth doc was a single page which had grown unwieldy.
This refactor split and grouped the content into sub-topics.
Additional corrections and cleanups were made along the way.
2012-12-28 11:06:12 -08:00
Tim Graham
3e0857041b Fixed #18473 - Fixed a suggestion that GZipMiddleware needs to be first in the list of middleware. 2012-10-17 15:46:59 -04:00
Tim Graham
2d1214d92a Fixed #14165 - Documented that TransactionMiddleware only applies to the default database. 2012-10-11 17:47:37 -04:00
Tim Graham
07d70e9b26 Fixed #18656 -- Fixed LocaleMiddleware link; thanks mitar for the report. 2012-07-28 13:31:41 -04:00
Aymeric Augustin
c28e700c7e Removed references to changes made in 1.2.
Thanks Florian Apolloner for the patch.
2012-06-07 15:02:35 +02:00
Adrian Holovaty
6ecadcbdd2 Made a bunch more edits up until [17418]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17428 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-03 20:45:45 +00:00
Aymeric Augustin
4288c8831b Fixed #10762, #17514 -- Prevented the GZip middleware from returning a response longer than the original content, allowed compression of non-200 responses, and added tests (there were none). Thanks cannona for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-09 21:42:03 +00:00
Karen Tracey
0426962dac Fix #16998: Update name of the CSRF middleware in doc. Thanks ptone and poirier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17085 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-12 17:37:29 +00:00
Luke Plant
d1e5c55258 Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Jannis Leidel
43cb78fafd Fixed #14506 -- Added an assertion to XViewMiddleware about the dependency on the authentication middleware. Thanks, vanschelven.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16496 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-03 17:56:25 +00:00
Timo Graham
b9ea5e163e Fixed #16258 - typo in middleware docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16441 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-19 19:40:18 +00:00
Luke Plant
524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Timo Graham
ee5fb7d18c Fixed #6181 - Document django.views.decorators.http - thanks adamv for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15064 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-27 13:27:26 +00:00
Timo Graham
2ea93f9327 Fixed #14000 - remove versionadded/changed tags for Django 1.0 and 1.1
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-26 00:37:14 +00:00
Timo Graham
9d3b3d11f4 Fixed #14785 - fixes to middleware docs - thanks adamv for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-27 21:58:20 +00:00
Gabriel Hurley
682f4cf9ed Fixed #12975 -- Moved the docs for contrib.admindocs out of the template docs and into their own reference section, and significantly improved the documentation of what admindocs can do. Thanks to jabapyth for the report, and whiteinge for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-07 09:21:55 +00:00
Gabriel Hurley
34f003028d Fixed #14047 -- Updated the CommonMiddleware docs to include sending broken link email notifications. Thanks to Leon Matthews for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-25 21:04:44 +00:00