1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
Go to file
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
django Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 2009-10-26 23:23:07 +00:00
docs Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 2009-10-26 23:23:07 +00:00
examples
extras Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 2009-10-26 23:23:07 +00:00
scripts
tests Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 2009-10-26 23:23:07 +00:00
AUTHORS Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 2009-10-26 23:23:07 +00:00
INSTALL Fixed #8876 -- Fixed incorrect path to install.txt in INSTALL. Thanks, Tom Radcliffe 2008-09-06 00:07:14 +00:00
LICENSE Updated LICENSE file to acknowledge individual copyrights as well (after 2008-08-09 14:40:51 +00:00
MANIFEST.in Removed directories that no longer exist from the packaging manifest. 2009-05-02 16:04:44 +00:00
README Cleaned up a bunch of minor doc stuff: 2008-09-02 16:42:13 +00:00
setup.cfg
setup.py Add a trove classifier that I missed when I originally set these up. 2009-08-03 21:16:54 +00:00

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design.

All documentation is in the "docs" directory and online at
http://docs.djangoproject.com/en/dev/. If you're just getting started, here's
how we recommend you read the docs:

    * First, read docs/intro/install.txt for instructions on installing Django.

    * Next, work through the tutorials in order (docs/intro/tutorial01.txt,
      docs/intro/tutorial02.txt, etc.).

    * If you want to set up an actual deployment server, read
      docs/howto/deployment/modpython.txt for instructions on running Django
      under mod_python.

    * You'll probably want to read through the topical guides (in docs/topics)
      next; from there you can jump to the HOWTOs (in docs/howto) for specific
      problems, and check out the reference (docs/ref) for gory details.

Docs are updated rigorously. If you find any problems in the docs, or think they
should be clarified in any way, please take 30 seconds to fill out a ticket
here:

http://code.djangoproject.com/newticket

To get more help:

    * Join the #django channel on irc.freenode.net. Lots of helpful people
      hang out there. Read the archives at http://oebfare.com/logger/django/.

    * Join the django-users mailing list, or read the archives, at
      http://groups.google.com/group/django-users.

To contribute to Django:

    * Check out http://www.djangoproject.com/community/ for information
      about getting involved.