mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-23 00:34:37 +00:00
Code Issues 32 Releases Wiki Activity
django/docs/ref
History
Carlton Gibson 77706a3e47 [2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-07-01 07:50:48 +02:00
..
class-based-views
Fixed #29750 -- Added View.setup() hook for class-based views.
2018-12-21 19:01:11 -05:00
contrib
[2.2.x] Fixed intword example in docs/ref/contrib/humanize.txt.
2019-06-11 22:12:24 +02:00
files
[2.2.x] Fixed "byte string" typo in various docs and comments.
2019-03-28 10:01:36 +01:00
forms
[2.2.x] Changed docs to link to Python's description of iterable.
2019-05-17 17:27:57 +02:00
models
[2.2.x] Fixed typo in docs/ref/models/indexes.txt.
2019-06-24 09:01:12 +02:00
templates
[2.2.x] Refs #20122 -- Corrected documentation of pluralize template filter.
2019-05-03 11:53:56 +02:00
applications.txt
Used auto-numbered lists in documentation.
2018-11-15 13:54:28 -05:00
checks.txt
[2.2.x] Fixed #30312 -- Relaxed admin check from django.contrib.sessions to SessionMiddleware subclasses.
2019-04-26 11:51:28 +02:00
clickjacking.txt
Used auto-numbered lists in documentation.
2018-11-15 13:54:28 -05:00
csrf.txt
[2.2.x] Fixed #30299 -- Removed jQuery dependency from getCookie() in CSRF docs.
2019-03-28 19:57:01 -04:00
databases.txt
[2.2.x] Fixed #30199 -- Adjusted QuerySet.get_or_create() docs to highlight atomicity warning.
2019-05-17 12:25:12 +02:00
django-admin.txt
[2.2.x] Fixed typo in docs/ref/django-admin.txt.
2019-05-07 12:59:14 +02:00
exceptions.txt
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
index.txt
Moved CSRF docs out of contrib.
2014-11-03 07:47:39 -05:00
middleware.txt
[2.2.x] Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
2019-06-10 16:57:50 +02:00
migration-operations.txt
Fixed typo in docs/ref/migration-operations.txt.
2019-01-02 17:56:25 -05:00
request-response.txt
[2.2.x] Refs #30565 -- Doc'd HttpResponse.close() method.
2019-06-20 11:49:52 +02:00
schema-editor.txt
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
settings.txt
[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
2019-07-01 07:50:48 +02:00
signals.txt
[2.2.x] Fixed typos in signals and custom management commands docs.
2019-06-19 08:41:51 +02:00
template-response.txt
Fixed typo in docs/ref/template-response.txt.
2016-04-18 07:50:13 -04:00
unicode.txt
[2.2.x] Removed unnecessary /static from links to PostgreSQL docs.
2019-03-29 21:50:28 -04:00
urlresolvers.txt
Fixed #28766 -- Added ResolverMatch.route.
2018-12-06 18:05:40 -05:00
urls.txt
Refs #24733 -- Documented arguments for custom error views.
2018-07-31 17:02:40 -04:00
utils.txt
[2.2.x] Refs #30278 -- Fixed link in cached_property docs.
2019-03-30 09:35:21 -04:00
validators.txt
Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value.
2018-10-22 10:26:54 -04:00
views.txt
Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
2017-09-20 18:04:42 -04:00