mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-18 15:34:16 +00:00
Code Issues 24 Releases Wiki Activity
5112e65ef2
django/docs/topics
History
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
..
_images
auth Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
class-based-views Fixed typo in docs/topics/class-based-views/mixins.txt 2016-04-18 20:25:54 -04:00
db Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers. 2016-05-17 12:07:22 +07:00
forms Fixed #22383 -- Added support for HTML5 required attribute on required form fields. 2016-04-21 19:16:38 -04:00
http Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
i18n Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
testing Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
cache.txt Fixed #26601 -- Improved middleware per DEP 0005. 2016-05-17 07:22:22 -04:00
checks.txt Refs #26351 -- Added check hook to support database-related checks 2016-04-08 20:28:00 +02:00
conditional-view-processing.txt Fixed typo in docs/topics/conditional-view-processing.txt 2016-05-12 20:07:34 -04:00
email.txt
external-packages.txt Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
files.txt Fixed #26483 -- Updated docs.python.org links to use Intersphinx. 2016-05-08 18:07:43 -04:00
index.txt
install.txt Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
logging.txt Fixed #26483 -- Updated docs.python.org links to use Intersphinx. 2016-05-08 18:07:43 -04:00
migrations.txt
pagination.txt Refs #14131 -- Documented why paginating large QuerySets may be slow. 2016-04-06 11:06:38 -04:00
performance.txt
python3.txt Fixed #26483 -- Updated docs.python.org links to use Intersphinx. 2016-05-08 18:07:43 -04:00
security.txt Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
serialization.txt Fixed #26483 -- Updated docs.python.org links to use Intersphinx. 2016-05-08 18:07:43 -04:00
settings.txt Clarified that setting names must be uppercase. 2016-05-03 12:53:24 -04:00
signals.txt Fixed #26493 -- Documented how built-in signals are sent. 2016-04-13 07:48:18 -04:00
signing.txt
templates.txt Fixed #26410 -- Added a docs example for loader.render_to_string(). 2016-03-31 08:31:55 -04:00