mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Commit Graph

100 Commits

Author SHA1 Message Date
Andreas Pelme
ab7a85ac29 Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. 2022-12-17 08:46:37 +01:00
Mariusz Felisiak
514884e9a5 Updated various links to HTTPS and new locations. 2022-12-06 05:59:43 +01:00
Nick Pope
9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
tommcn
8e63390640 Corrected CSRF reference in middleware docs. 2022-03-17 06:03:10 +01:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Tim Graham
54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
bankc
db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Carlton Gibson
ad11f5b8c9 Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. 2020-10-22 14:15:19 +02:00
Mariusz Felisiak
4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Min ho Kim
103a6f4307 Fixed some typos in comments and docs.
Thanks to Mads Jenson for review.
2019-10-02 15:50:46 +02:00
Mar Sánchez
f1d4a540b2 Refs #15396 -- Mentioned full path to GZipMiddleware in documentation. 2019-10-02 14:39:01 +02:00
Carlton Gibson
9446950470 Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware. 2019-10-02 13:11:03 +02:00
Nick Pope
406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Nick Pope
fc62e16291 Standardized links for headers in security middleware documentation. 2019-09-09 13:35:17 +02:00
Mariusz Felisiak
5ab75adb90 Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0. 2019-06-03 14:08:51 +02:00
Carlton Gibson
bae66e759f Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. 2019-01-30 11:02:26 -05:00
Daniel Musketa
ca2856fb62 Fixed typo in docs/ref/middleware.txt. 2018-11-14 09:47:22 -05:00
Daniel Hepper
a6fb5b1fe0 Remove documentation for non-existent middleware (#9998)
The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb8. It was removed in 7d1b69dbe7, but the documentation remained.
2018-05-27 16:08:50 +02:00
Mariusz Felisiak
7c81b28ebc Updated various links in docs to use HTTPS. 2018-01-07 14:28:41 +01:00
Tim Graham
bc95314ca6 Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length. 2017-11-14 12:01:24 -05:00
Tim Graham
8f8a4d10d3 Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
Follow up to 48d57788ee.
2017-11-11 20:45:17 -05:00
Tim Graham
5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Claude Paroz
01f658644a Updated various links in docs to avoid redirects
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-05-22 19:28:44 +02:00
Tim Graham
e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Raphael Michel
ddf169cdac Refs #16859 -- Allowed storing CSRF tokens in sessions.
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Tim Graham
7301770254 Fixed typo in docs/ref/middleware.txt. 2016-11-06 13:22:08 +01:00
Adam Malinowski
37809b891e Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware. 2016-11-05 22:24:54 +01:00
Tim Graham
61f9243e51 Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. 2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
ad332e5ca9 Refs #19705 -- Made GZipMiddleware make ETags weak.
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Denis Cornehl
a840710e1e Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware. 2016-10-10 14:55:59 -04:00
Tim Graham
ef021412d5 Normalized spelling of ETag. 2016-09-09 11:00:21 -04:00
Ed Morley
3c2447dd13 Fixed #26947 -- Added an option to enable the HSTS header preload directive. 2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78 Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
Claude Paroz
9588718cd4 Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Tim Graham
46a38307c2 Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00
Shai Berger
5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
rowanv
a6ef025dfb Fixed #26124 -- Added missing code formatting to docs headers. 2016-02-01 10:42:05 -05:00
Tim Graham
54848a96dd Removed versionadded/changed annotations for 1.8. 2015-09-23 19:31:11 -04:00
Tim Graham
849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Claude Paroz
64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
jorgecarleitao
7c642cafbb Fixed typo in docs/ref/middleware.txt 2015-07-27 07:15:49 -04:00
Jan Pazdziora
a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Marissa Zhou
8b1f39a727 Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
Also moved it in the project template.
2015-06-08 12:32:38 -04:00
Dave Hodder
08c980d752 Updated capitalization in the word "JavaScript" for consistency 2015-05-01 13:26:42 -04:00
Tim Graham
c79faae761 Removed versionadded/changed notes for 1.7. 2015-02-01 21:02:40 -05:00