mirror of https://github.com/django/django.git synced 2025-01-12 03:15:47 +00:00
django/docs/ref
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
class-based-views
contrib Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
files Fixed #26508 -- Clarified docs for various FieldFile methods. 2016-05-07 12:16:42 -04:00
forms Refs #8898 -- Documented requirement to use SplitDateTimeField with SplitDateTimeWidget. 2016-05-07 20:01:15 -04:00
models Fixed #26620 -- Made Model.refresh_from_db() fail when passed unknown kwargs. 2016-05-18 09:27:23 -04:00
templates Fixed #24046 -- Deprecated the "escape" half of utils.safestring. 2016-05-10 12:46:47 -04:00
applications.txt Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
checks.txt Refs #26601 -- Added a warning if both MIDDLEWARE AND MIDDLEWARE_CLASSES are set. 2016-05-17 07:24:45 -04:00
clickjacking.txt Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
csrf.txt Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
databases.txt
django-admin.txt
exceptions.txt Fixed #21231 -- Enforced a max size for GET/POST values read into memory. 2016-05-12 10:17:52 -04:00
index.txt
middleware.txt Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
migration-operations.txt
request-response.txt Fixed #26636 -- Fixed typo in docs/ref/request-response.txt 2016-05-18 21:39:08 -04:00
schema-editor.txt
settings.txt Refs #26601 -- Deprecated old-style middleware. 2016-05-17 07:22:26 -04:00
signals.txt Fixed #24100 -- Made the migration signals dispatch its plan and apps. 2016-05-15 19:51:15 -04:00
template-response.txt
unicode.txt
urlresolvers.txt
urls.txt
utils.txt Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
validators.txt
views.txt Fixed #26567 -- Updated references to obsolete RFC2616. 2016-05-03 11:14:40 -04:00