mirror of https://github.com/django/django.git synced 2024-11-18 07:26:04 +00:00
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
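The scheme the commit message describes, as an added example rather than Django's own code: a fixed per-session secret is combined with a fresh random salt on each hand-out, so the token a page sees changes every request while the stored secret (and so the cookie) stays the same, together with the strict `[A-Za-z0-9]{64}` validation and the 32-character upgrade path. The function names, the `new_secret()` helper and returning `None` for an invalid token are assumptions of this example.

```python
import re
import secrets

# Added example, not Django's implementation: a fixed per-session secret is
# masked with a fresh random salt each time it is handed out, so the visible
# token changes per request while the stored secret (and the cookie) does not.
ALLOWED_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
SECRET_LENGTH = 32  # stored secret and salt are each 32 chars; token is 64
_TOKEN_RE = re.compile(r"[A-Za-z0-9]{64}")   # strict form from the commit
_SECRET_RE = re.compile(r"[A-Za-z0-9]{32}")  # legacy 32-char form

def new_secret():
    """Random 32-char secret (hypothetical helper, constructed here)."""
    return "".join(secrets.choice(ALLOWED_CHARS) for _ in range(SECRET_LENGTH))

def mask_secret(secret, salt=None):
    """Return salt + (secret shifted by salt); drawing a new salt per call
    gives a different 64-char token every time for the same secret."""
    if salt is None:
        salt = new_secret()
    n = len(ALLOWED_CHARS)
    cipher = "".join(
        ALLOWED_CHARS[(ALLOWED_CHARS.index(s) + ALLOWED_CHARS.index(k)) % n]
        for s, k in zip(secret, salt)
    )
    return salt + cipher

def unmask_token(token):
    """Invert mask_secret: split off the salt and reverse the shift."""
    n = len(ALLOWED_CHARS)
    salt, cipher = token[:SECRET_LENGTH], token[SECRET_LENGTH:]
    return "".join(
        ALLOWED_CHARS[(ALLOWED_CHARS.index(c) - ALLOWED_CHARS.index(k)) % n]
        for c, k in zip(cipher, salt)
    )

def sanitize_token(token):
    """Strict validation as the commit describes: a 64-char [A-Za-z0-9] token
    passes through; a legacy 32-char secret is accepted and replaced by a
    64-char masked token; anything else (wrong length, non-ASCII, empty) is
    invalid and yields None so the caller can issue a brand-new secret."""
    if _TOKEN_RE.fullmatch(token):
        return token
    if _SECRET_RE.fullmatch(token):
        return mask_secret(token)
    return None

def tokens_match(token_a, token_b):
    """Compare two tokens by the secret they mask, in constant time."""
    return secrets.compare_digest(unmask_token(token_a), unmask_token(token_b))
```

Two tokens issued for the same session look unrelated but compare equal through `tokens_match`, which is what lets the form token rotate while the cookie does not.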
.tx
django Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
docs Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
extras Fixed #25222 -- Avoided installing django_bash_completion for python*-config. 2015-08-04 14:27:31 -04:00
js_tests Updated qunit to 1.23.1. 2016-05-16 13:28:16 -04:00
scripts Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
tests Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
.editorconfig Fixed #22463 -- Added code style guide and JavaScript linting (EditorConfig and ESLint) 2015-06-27 16:36:26 -04:00
.eslintignore Fixed #22463 -- Added code style guide and JavaScript linting (EditorConfig and ESLint) 2015-06-27 16:36:26 -04:00
.eslintrc Fixed #25165 -- Removed inline JavaScript from the admin. 2015-12-05 15:51:57 -05:00
.gitattributes Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions 2016-03-30 14:34:41 +02:00
.gitignore Added a note in .gitignore to discourage pull requests containing IDE specific files. 2015-08-18 19:46:28 -04:00
.hgignore Synced .hgignore with .gitignore 2015-07-01 10:23:05 -04:00
AUTHORS Fixed #24305 -- Allowed overriding fields on abstract models. 2016-05-16 07:32:21 -04:00
CONTRIBUTING.rst Added link to the code of conduct from contributing guides. 2015-04-17 18:12:41 -04:00
Gruntfile.js DEP 0003 -- Added JavaScript unit tests. 2015-06-30 21:04:16 -04:00
INSTALL
LICENSE
LICENSE.python Updated Python license for 2016. 2016-01-19 06:43:32 -05:00
MANIFEST.in Simplified MANIFEST.in 2015-12-12 12:07:21 -05:00
package.json Refs #25803 -- Documented npm compatibility in package.json 2015-12-08 15:13:22 -05:00
README.rst
setup.cfg Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
setup.py Refs #26033 -- Added password hasher support for Argon2 v1.3. 2016-04-25 21:17:53 -04:00

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Thanks for checking it out.

All documentation is in the "docs" directory and online at
https://docs.djangoproject.com/en/stable/. If you're just getting started,
here's how we recommend you read the docs:

* First, read docs/intro/install.txt for instructions on installing Django.

* Next, work through the tutorials in order (docs/intro/tutorial01.txt,
  docs/intro/tutorial02.txt, etc.).

* If you want to set up an actual deployment server, read
  docs/howto/deployment/index.txt for instructions.

* You'll probably want to read through the topical guides (in docs/topics)
  next; from there you can jump to the HOWTOs (in docs/howto) for specific
  problems, and check out the reference (docs/ref) for gory details.

* See docs/README for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think
they should be clarified in any way, please take 30 seconds to fill out a
ticket here: https://code.djangoproject.com/newticket

To get more help:

* Join the #django channel on irc.freenode.net. Lots of helpful people hang out
  there. Read the archives at http://django-irc-logs.com/.

* Join the django-users mailing list, or read the archives, at
  https://groups.google.com/group/django-users.

To contribute to Django:

* Check out https://docs.djangoproject.com/en/dev/internals/contributing/ for
  information about getting involved.

To run Django's test suite:

* Follow the instructions in the "Unit tests" section of
  docs/internals/contributing/writing-code/unit-tests.txt, published online at
  https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/unit-tests/#running-the-unit-tests