mirror of
https://github.com/django/django.git
synced 2025-10-27 23:56:08 +00:00
5112e65ef2
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
The documentation in this tree is in plain text files and can be viewed using any text file viewer. It uses ReST (reStructuredText) [1], and the Sphinx documentation system [2]. This allows it to be built into other forms for easier viewing and browsing. To create an HTML version of the docs: * Install Sphinx (using ``pip install Sphinx`` or some other method) * In this docs/ directory, type ``make html`` (or ``make.bat html`` on Windows) at a shell prompt. The documentation in _build/html/index.html can then be viewed in a web browser. [1] http://docutils.sourceforge.net/rst.html [2] http://sphinx-doc.org/