1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
Go to file
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
.tx Removed contrib-messages entry in Transifex config file 2016-06-29 21:11:30 +02:00
django Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 07:48:04 +02:00
docs Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 07:48:04 +02:00
extras Fixed #30283 -- Fixed shellcheck warnings in django_bash_completion. 2019-03-23 11:56:44 -04:00
js_tests Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
scripts Capitalized "Python" in docs and comments. 2018-10-09 09:26:07 -04:00
tests Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 07:48:04 +02:00
.editorconfig Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
.eslintignore Refs #16501, #26474 -- Added xregexp.js source file. 2016-06-06 09:25:02 -04:00
.eslintrc
.gitattributes Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions 2016-03-30 14:34:41 +02:00
.gitignore Fixed #22446 -- Added tox.ini to automate pull request checks. 2016-07-20 14:06:28 -04:00
.hgignore
AUTHORS Fixed #30421 -- Allowed symmetrical intermediate table for self-referential ManyToManyField. 2019-06-21 15:03:17 +02:00
CONTRIBUTING.rst
Gruntfile.js Fixed qunit tests (coverage still missing). (#7716) 2016-12-19 18:45:37 +01:00
INSTALL Fixed #30116 -- Dropped support for Python 3.5. 2019-01-30 10:19:48 -05:00
LICENSE
LICENSE.python Fixed #29261 -- Doc'd the reason for LICENSE.python. 2018-06-29 20:00:58 -04:00
MANIFEST.in
package.json Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
README.rst Removed dead links to botbot.me. 2018-11-10 17:25:10 -05:00
setup.cfg Removed deprecated license-file from setup.cfg. 2019-05-08 10:20:35 +02:00
setup.py Fixed #30451 -- Added ASGI handler and coroutine-safety. 2019-06-20 12:29:43 +02:00
tox.ini Fixed #30367 -- Changed "pip install" to "python -m pip install" in docs, comments and hints. 2019-04-18 14:41:15 +02:00

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Thanks for checking it out.

All documentation is in the "``docs``" directory and online at
https://docs.djangoproject.com/en/stable/. If you're just getting started,
here's how we recommend you read the docs:

* First, read ``docs/intro/install.txt`` for instructions on installing Django.

* Next, work through the tutorials in order (``docs/intro/tutorial01.txt``,
  ``docs/intro/tutorial02.txt``, etc.).

* If you want to set up an actual deployment server, read
  ``docs/howto/deployment/index.txt`` for instructions.

* You'll probably want to read through the topical guides (in ``docs/topics``)
  next; from there you can jump to the HOWTOs (in ``docs/howto``) for specific
  problems, and check out the reference (``docs/ref``) for gory details.

* See ``docs/README`` for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think
they should be clarified in any way, please take 30 seconds to fill out a
ticket here: https://code.djangoproject.com/newticket

To get more help:

* Join the ``#django`` channel on irc.freenode.net. Lots of helpful people hang
  out there. See https://en.wikipedia.org/wiki/Wikipedia:IRC/Tutorial if you're
  new to IRC.

* Join the django-users mailing list, or read the archives, at
  https://groups.google.com/group/django-users.

To contribute to Django:

* Check out https://docs.djangoproject.com/en/dev/internals/contributing/ for
  information about getting involved.

To run Django's test suite:

* Follow the instructions in the "Unit tests" section of
  ``docs/internals/contributing/writing-code/unit-tests.txt``, published online at
  https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/unit-tests/#running-the-unit-tests