Carlton Gibson
ca1c3151c3
Removed versionadded/changed annotations for 4.0.
2022-05-17 14:22:06 +02:00

tommcn
8e63390640
Corrected CSRF reference in middleware docs.
2022-03-17 06:03:10 +01:00

Mariusz Felisiak
97237ad3fe
Removed versionadded/changed annotations for 3.2.
2021-09-20 21:23:01 +02:00

David Smith
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00

Nick Pope
c156e36955
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
2021-05-17 09:46:09 +02:00

Tim Graham
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00

bankc
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00

Carlton Gibson
ad11f5b8c9
Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.
2020-10-22 14:15:19 +02:00

Mariusz Felisiak
4c5236ef93
Removed versionadded/changed annotations for 3.0.
2020-05-13 09:07:51 +02:00

Min ho Kim
103a6f4307
Fixed some typos in comments and docs.
Thanks to Mads Jenson for review.
2019-10-02 15:50:46 +02:00

Mar Sánchez
f1d4a540b2
Refs #15396 -- Mentioned full path to GZipMiddleware in documentation.
2019-10-02 14:39:01 +02:00

Carlton Gibson
9446950470
Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware.
2019-10-02 13:11:03 +02:00

Nick Pope
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00

Nick Pope
fc62e16291
Standardized links for headers in security middleware documentation.
2019-09-09 13:35:17 +02:00

Mariusz Felisiak
5ab75adb90
Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
2019-06-03 14:08:51 +02:00

Carlton Gibson
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00

Daniel Musketa
ca2856fb62
Fixed typo in docs/ref/middleware.txt.
2018-11-14 09:47:22 -05:00

Daniel Hepper
a6fb5b1fe0
Remove documentation for non-existent middleware (#9998)
The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb87d1b69dbe7
2018-05-27 16:08:50 +02:00

Mariusz Felisiak
7c81b28ebc
Updated various links in docs to use HTTPS.
2018-01-07 14:28:41 +01:00

Tim Graham
bc95314ca6
Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length.
2017-11-14 12:01:24 -05:00

Tim Graham
8f8a4d10d3
Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
Follow up to 48d57788ee
2017-11-11 20:45:17 -05:00

Tim Graham
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00

Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00

Claude Paroz
01f658644a
Updated various links in docs to avoid redirects
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-05-22 19:28:44 +02:00

Tim Graham
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00

Raphael Michel
ddf169cdac
Refs #16859 -- Allowed storing CSRF tokens in sessions.
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00

Tim Graham
7301770254
Fixed typo in docs/ref/middleware.txt.
2016-11-06 13:22:08 +01:00

Adam Malinowski
37809b891e
Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
2016-11-05 22:24:54 +01:00

Tim Graham
61f9243e51
Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
2016-10-14 12:48:03 -04:00

Kevin Christopher Henry
ad332e5ca9
Refs #19705 -- Made GZipMiddleware make ETags weak.
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00

Denis Cornehl
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00

Tim Graham
ef021412d5
Normalized spelling of ETag.
2016-09-09 11:00:21 -04:00

Ed Morley
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00

Ed Morley
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00

Claude Paroz
9588718cd4
Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00

Tim Graham
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00

Shai Berger
5112e65ef2
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00

Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00

rowanv
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00

Tim Graham
54848a96dd
Removed versionadded/changed annotations for 1.8.
2015-09-23 19:31:11 -04:00

Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00

Claude Paroz
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00

jorgecarleitao
7c642cafbb
Fixed typo in docs/ref/middleware.txt
2015-07-27 07:15:49 -04:00

Jan Pazdziora
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00

Marissa Zhou
8b1f39a727
Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
Also moved it in the project template.
2015-06-08 12:32:38 -04:00

Dave Hodder
08c980d752
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00

Tim Graham
c79faae761
Removed versionadded/changed notes for 1.7.
2015-02-01 21:02:40 -05:00

Berker Peksag
df0523debc
Fixed #23531 -- Added CommonMiddleware.response_redirect_class.
2014-11-04 17:56:57 -05:00

Thomas Chaumeny
d3db878e4b
Moved CSRF docs out of contrib.
2014-11-03 07:47:39 -05:00

Tim Graham
52ef6a4726
Fixed #17101 -- Integrated django-secure and added check --deploy option
Thanks Carl Meyer for django-secure and for reviewing.
Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
2014-09-12 15:05:23 -04:00