1
0
mirror of https://github.com/django/django.git synced 2024-12-26 19:16:11 +00:00
Commit Graph

9 Commits

Author SHA1 Message Date
Matt Robenolt
b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Joshua Kehn
ab26b65b2f Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.
Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other
domains that are included during the CSRF Referer header verification
for secure (HTTPS) requests.
2015-09-05 09:19:57 -04:00
Marc
f9de197268 Recommended the JavaScript Cookie library instead of jQuery cookie.
jQuery cookie is no longer maintained in favor of the JavaScript
cookie library. This also removes the jQuery dependency.
2015-08-19 10:04:01 -04:00
Dave Hodder
08c980d752 Updated capitalization in the word "JavaScript" for consistency 2015-05-01 13:26:42 -04:00
Grzegorz Slusarek
668d53cd12 Fixed #21495 -- Added settings.CSRF_HEADER_NAME 2015-03-05 15:03:40 -05:00
Aymeric Augustin
9eb4f28e89 Deprecated TEMPLATE_CONTEXT_PROCESSORS. 2014-12-28 17:02:31 +01:00
Aymeric Augustin
92e8f1f302 Moved context_processors from django.core to django.template. 2014-12-28 17:00:07 +01:00
Fabio Natali
fa680ce1e2 Fixed #23825 -- Added links for decorating class-based views to the CSRF docs. 2014-11-15 19:33:39 +01:00
Thomas Chaumeny
d3db878e4b Moved CSRF docs out of contrib. 2014-11-03 07:47:39 -05:00