1
0
mirror of https://github.com/django/django.git synced 2024-12-23 09:36:06 +00:00
Commit Graph

104 Commits

Author SHA1 Message Date
Tim Graham
54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
bankc
db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Carlton Gibson
ad11f5b8c9 Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. 2020-10-22 14:15:19 +02:00
Tom Carrick
bcc2befd0e Fixed #31789 -- Added a new headers interface to HttpResponse. 2020-09-14 08:41:59 +02:00
Claude Paroz
4d973f5939 Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Viktor Lomakin
ee6b17187f Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses with non-empty content. 2019-10-10 09:51:05 +02:00
Nick Pope
406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Claude Paroz
05d0eca635 Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. 2019-09-09 08:15:26 +02:00
Hasan Ramezani
090ca6512f Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ADMINS/MANAGERS is set incorrectly. 2019-07-02 07:34:07 +02:00
Nick Pope
413d50b5ff Corrected settings names in SecurityMiddleware tests. 2019-03-20 20:15:34 -04:00
Jon Dufresne
c492fdfd24 Removed default empty content argument from HttpResponse calls. 2019-02-09 16:27:32 -05:00
Tim Graham
043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Simon Charette
0f212db29d Made reused RequestFactory instances class attributes. 2018-11-27 09:49:02 -05:00
Artur Juraszek
817c6cdf0e Capitalized SecurityMiddleware headers for consistency with other headers.
(No behavior change since HTTP headers are case insensitive.)
2018-10-30 18:30:51 -04:00
Andreas Hug
a656a68127 Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-08-01 09:28:42 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Tim Graham
48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Tim Graham
500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Vytis Banaitis
8838d4dd49 Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments. 2017-02-01 11:41:56 -05:00
chillaranand
d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz
dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Claude Paroz
2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Sven Engström
f46a838efc Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a trailing slash. 2016-11-06 10:38:36 +01:00
Adam Malinowski
37809b891e Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware. 2016-11-05 22:24:54 +01:00
Kevin Christopher Henry
2327fad54e Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests. 2016-10-17 16:11:53 -04:00
Tim Graham
61f9243e51 Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. 2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
9108696a75 Refs #19705 -- Changed gzip modification times to 0.
This makes gzip output deterministic, which allows
ConditionalGetMiddleware to reliably compare ETags on gzipped
content (views using the gzip_page() decorator in particular).
2016-10-14 07:41:42 -04:00
Kevin Christopher Henry
ad332e5ca9 Refs #19705 -- Made GZipMiddleware make ETags weak.
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Kevin Christopher Henry
bd7237d7ec Fixed #19705 -- Set proper headers on conditional Not Modified responses. 2016-10-12 14:43:25 -04:00
Denis Cornehl
a840710e1e Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware. 2016-10-10 14:55:59 -04:00
Kevin Christopher Henry
4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Ed Morley
3c2447dd13 Fixed #26947 -- Added an option to enable the HSTS header preload directive. 2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78 Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
Tim Graham
0850236a8c Fixed a typo in tests/middleware/test_security.py 2016-07-28 22:00:48 -04:00
andrewnester
20d39325ca Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response has Cache-Control: no-store. 2016-07-15 15:34:00 -04:00
Claude Paroz
9588718cd4 Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Jon Dufresne
4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Tim Graham
92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
ieatkittens
9390da7fb6 Fixed #26293 -- Fixed CommonMiddleware to process PREPEND_WWW and APPEND_SLASH independently. 2016-03-23 09:23:19 -04:00
harikrishnakanchi
74670498e9 Fixed #25971 -- Made BrokenLinkEmailsMiddleware ignore APPEND_SLASH redirects.
If APPEND_SLASH=True and the referer is the URL without a trailing '/', then
BrokenLinkEmailsMiddleware shouldn't send an email.
2016-03-08 09:21:42 -05:00
Tim Graham
406675b1a0 Fixed #26176 -- Fixed E123 flake8 warnings. 2016-02-05 15:11:07 -05:00
userimack
60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Denis Cornehl
186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Tim Graham
89616f0c79 Made cosmetic cleanups in middleware tests. 2015-12-31 10:29:39 -05:00
Derek J. Curtis
6be9589eb3 Fixed #25900 -- Fixed regression in CommonMiddleware ETag support. 2015-12-10 13:51:07 -05:00
Tim Graham
5bc881541c Moved a few CommonMiddleware tests to the correct test class. 2015-12-10 13:44:54 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00