1
0
mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00
Commit Graph

446 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant
92090253fe Fixed small error in deprecation policy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11652 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 14:10:00 +00:00
James Bennett
724c926b82 The 1.1.X branch has been created, so that needs to be past tense.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-22 21:20:51 +00:00
Russell Keith-Magee
27c68216c2 Added the SVN internal docs to the internal docs index.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11542 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:37:19 +00:00
James Bennett
a53601c674 Document the fact that we now put dead branches in the attic.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11523 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 21:59:29 +00:00
James Bennett
150ef1adee Correct a typo and a reST formatting problem in [11466].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11467 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-17 10:51:35 +00:00
James Bennett
5eda3a16df Add new documentation covering the layout of the Django SVN repository.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11466 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-17 10:23:43 +00:00
Brian Rosner
7ac1d98e1c Updated my bio to reflect current status
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11379 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-03 08:30:03 +00:00
Gary Wilson Jr
2d781aae5f Updated my bio.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11281 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 16:45:13 +00:00
Russell Keith-Magee
fb56401596 Fixed #11493 -- Added an internal document listing the APIs that have been formally deprecated. Thanks to Alex Gaynor for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11277 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 01:51:40 +00:00
Justin Bronn
260cf21936 Added myself to AUTHORS and updated my bio.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11265 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-17 16:44:57 +00:00
Russell Keith-Magee
6c81952b37 Fixed #10336 -- Added improved documentation of generic views. Thanks to Jacob and Adrian for the original text (from the DjangoBook), and Ramiro for doing the work of porting the docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11025 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 14:09:56 +00:00
Karen Tracey
50745cc31e Fixed #11066 -- Corrected 15 duplicate "the"s found in docs and code comments. Thanks kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10801 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 16:45:28 +00:00
Jacob Kaplan-Moss
da17a314ca Fixed a silly typo in my bio. How embarrassing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10490 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 17:09:09 +00:00
Jacob Kaplan-Moss
ec4cf19700 Updated my bio.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 16:33:52 +00:00
Gary Wilson Jr
1eccb1c6aa Fixed #10577 -- Fixed doc typo, patch from Zoramite.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 15:39:32 +00:00
Russell Keith-Magee
638dbc3e83 Fixed #6464 -- Added incr() and decr() operations on cache backends. Atomic on Memcache; implemented as a 2 stage retrieve/update on other backends. Includes refactor of the cache tests to ensure all the backends are actually tested, and a fix to the DB cache backend that was discovered as a result. Thanks to Michael Malone for the original patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10031 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-11 13:27:03 +00:00
Russell Keith-Magee
ff4b844cb4 Added a link to RKM's blog in the committers file.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9698 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-03 05:04:12 +00:00
Karen Tracey
453d452653 In the release process doc, clarify that the original committer is responsible for backporting trunk fixes to the bug-fix branch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9610 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-08 17:15:56 +00:00
Karen Tracey
8d28a4c853 Quit being a complete mystery.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9416 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-13 23:43:25 +00:00
Malcolm Tredinnick
08c3ad0cd0 Added a link to the "documentation" documentation in the contributing docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-07 11:49:50 +00:00
Malcolm Tredinnick
777aaf0333 Added a note about where custom manager specifications go in a model (for the
style guide).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-07 11:48:11 +00:00
Jacob Kaplan-Moss
af68a0ccd8 Fixed heading levels in docs/internals/committers
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9072 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-19 19:45:54 +00:00
Jacob Kaplan-Moss
de9acabf12 Updated contributing documentation to contain the new release process and updated information about branches using DVCSes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9071 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-19 19:44:10 +00:00
Adrian Holovaty
1b58b77f0d Edited docs changes from [9010] and [9011]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9014 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-11 03:32:28 +00:00
Simon Willison
1c78bf4b98 Small documentation tweaks, fixes #9000 - thanks, ramiro
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-11 02:43:32 +00:00
Adrian Holovaty
8be80c2380 Fixed #8996 -- Fixed small typo in documentation.txt. Thanks, rduffield
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-10 04:04:57 +00:00
Simon Willison
698dbb63e0 I am not a lolcat
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8970 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-05 17:40:30 +00:00
Luke Plant
7982519477 Added bio for myself
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8969 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-05 15:39:58 +00:00
Luke Plant
a5bf0af67c Fixed typo in my name
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-05 14:07:17 +00:00
Simon Willison
c19d2dd8f7 Cleaned up some whitespace
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8953 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 21:22:49 +00:00
Simon Willison
00dcd49ffb I'm not working for the Guardian just yet - not until October
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 21:21:24 +00:00
James Bennett
cdffe90c8a And now we don't need that redundant extra sentence
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:57:46 +00:00
James Bennett
d6f94676cb Fix my bio
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8948 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:56:26 +00:00
Jacob Kaplan-Moss
ee28ee9311 Fixes #8847 - a bunch of cleanups to the i18n docs. Thanks, ramiro!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8946 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:52:20 +00:00
Malcolm Tredinnick
8df158048c Typo fixes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8945 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:41:21 +00:00
Brian Rosner
dd75469d4f Added my location to the committer details.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8944 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:35:31 +00:00
Brian Rosner
26dd79c8aa Updated my entry on the committers documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8943 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:30:52 +00:00
Russell Keith-Magee
d302be429b Corrected some minor typos in the committers details.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8940 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:21:31 +00:00
James Bennett
c5d56be365 Fixed a small typo in docs/internals/committers.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8939 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 20:14:57 +00:00
Jacob Kaplan-Moss
9d5e77d26d Cleaned up the list of authors/contributors so that people actually working on Django get some props.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8936 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 19:58:21 +00:00
Jacob Kaplan-Moss
58e3ef76db Updated API stability document for 1.0.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8866 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 18:45:33 +00:00
Jacob Kaplan-Moss
64a9469127 Fixed #8753: converted "new in ..." callouts to proper Sphinx "versionadded/versionchanged" directives. Thanks to Marc Fargas for all the heavy lifting here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 03:40:42 +00:00
Malcolm Tredinnick
c0b53b3dcc Removed the need for ROOT_URLCONF in settings when running Django's core tests
(via runtests.py). It was embarrassing having to explain the need for it to
people, since we ignore whatever setting is passed in.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-30 05:09:03 +00:00
Jacob Kaplan-Moss
a169884505 Fixed #8539: fixed PEP references. Thanks, carljm.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 19:28:57 +00:00
Jacob Kaplan-Moss
97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00