Carlton Gibson
9446950470
Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware.
2019-10-02 13:11:03 +02:00
Nick Pope
406dba04e1
Fixed #29406 -- Added support for Referrer-Policy header.
...
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Nick Pope
fc62e16291
Standardized links for headers in security middleware documentation.
2019-09-09 13:35:17 +02:00
Mariusz Felisiak
5ab75adb90
Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.
2019-06-03 14:08:51 +02:00
Carlton Gibson
bae66e759f
Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
2019-01-30 11:02:26 -05:00
Daniel Musketa
ca2856fb62
Fixed typo in docs/ref/middleware.txt.
2018-11-14 09:47:22 -05:00
Daniel Hepper
a6fb5b1fe0
Remove documenation for non-existent middleware ( #9998 )
...
The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb8
. It was removed in 7d1b69dbe7
, but the documentation remained.
2018-05-27 16:08:50 +02:00
Mariusz Felisiak
7c81b28ebc
Updated various links in docs to use HTTPS.
2018-01-07 14:28:41 +01:00
Tim Graham
bc95314ca6
Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length.
2017-11-14 12:01:24 -05:00
Tim Graham
8f8a4d10d3
Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
...
Follow up to 48d57788ee
.
2017-11-11 20:45:17 -05:00
Tim Graham
5446b72003
Removed versionadded/changed annotations for 1.11.
2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee
Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
2017-09-22 12:51:18 -04:00
Claude Paroz
01f658644a
Updated various links in docs to avoid redirects
...
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-05-22 19:28:44 +02:00
Tim Graham
e27e4c0339
Removed versionadded/changed annotations for 1.10.
2017-01-17 20:52:05 -05:00
Raphael Michel
ddf169cdac
Refs #16859 -- Allowed storing CSRF tokens in sessions.
...
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Tim Graham
7301770254
Fixed typo in docs/ref/middleware.txt.
2016-11-06 13:22:08 +01:00
Adam Malinowski
37809b891e
Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
2016-11-05 22:24:54 +01:00
Tim Graham
61f9243e51
Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
ad332e5ca9
Refs #19705 -- Made GZipMiddleware make ETags weak.
...
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Denis Cornehl
a840710e1e
Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
2016-10-10 14:55:59 -04:00
Tim Graham
ef021412d5
Normalized spelling of ETag.
2016-09-09 11:00:21 -04:00
Ed Morley
3c2447dd13
Fixed #26947 -- Added an option to enable the HSTS header preload directive.
2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78
Fixed docs to refer to HSTS includeSubdomains as a directive.
...
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00
Claude Paroz
9588718cd4
Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
...
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Tim Graham
46a38307c2
Removed versionadded/changed annotations for 1.9.
2016-05-20 11:44:29 -04:00
Shai Berger
5112e65ef2
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
...
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
rowanv
a6ef025dfb
Fixed #26124 -- Added missing code formatting to docs headers.
2016-02-01 10:42:05 -05:00
Tim Graham
54848a96dd
Removed versionadded/changed annotations for 1.8.
2015-09-23 19:31:11 -04:00
Tim Graham
849037af36
Refs #23957 -- Required session verification per deprecation timeline.
2015-09-23 19:31:10 -04:00
Claude Paroz
64982cc2fb
Updated Wikipedia links to use https
2015-08-08 12:02:32 +02:00
jorgecarleitao
7c642cafbb
Fixed typo in docs/ref/middleware.txt
2015-07-27 07:15:49 -04:00
Jan Pazdziora
a570701e02
Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
2015-07-02 17:38:10 -04:00
Marissa Zhou
8b1f39a727
Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
...
Also moved it in the project template.
2015-06-08 12:32:38 -04:00
Dave Hodder
08c980d752
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00
Tim Graham
c79faae761
Removed versionadded/changed notes for 1.7.
2015-02-01 21:02:40 -05:00
Berker Peksag
df0523debc
Fixed #23531 -- Added CommonMiddleware.response_redirect_class.
2014-11-04 17:56:57 -05:00
Thomas Chaumeny
d3db878e4b
Moved CSRF docs out of contrib.
2014-11-03 07:47:39 -05:00
Tim Graham
52ef6a4726
Fixed #17101 -- Integrated django-secure and added check --deploy option
...
Thanks Carl Meyer for django-secure and for reviewing.
Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
2014-09-12 15:05:23 -04:00
Claude Paroz
0b5bafe993
Removed reference to old middleware
2014-06-30 20:36:18 +02:00
Aymeric Augustin
df09d85482
Fixed #17552 -- Removed a hack for IE6 and earlier.
...
It prevented the GZipMiddleware from compressing some data types even on
more recent version of IE where the corresponding bug was fixed.
Thanks Aaron Cannon for the report and Tim Graham for the review.
2014-06-10 08:42:31 +02:00
Claude Paroz
756c390fb5
Fixed #20816 -- Added hints about Django middleware ordering
...
Thanks gthb Trac user for the report, kolypto StackOverflow
user for the initial list and Tim Graham for the review.
2014-05-22 18:33:10 +02:00
Tim Graham
465980d070
Added RemoteUserMiddleware to middleware reference page.
2014-04-16 07:22:15 -04:00
Tim Graham
fd23c06023
Fixed #21649 -- Added optional invalidation of sessions when user password changes.
...
Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-04-05 12:50:51 -04:00
Tim Graham
51c8045145
Removed versionadded/changed annotations for 1.6.
2014-03-24 11:42:56 -04:00
Thomas Schreiber
907ac64641
Fixed typos in docs (django.contrib.site)
2014-03-21 19:56:31 +01:00
Rodolfo Carvalho
2b6436e2d5
Fixed some typos and formatting issues in docs.
2014-03-03 08:37:17 -05:00
Christopher Medrela
b22d6c47a7
Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each request.
...
Thanks jordan at aace.org for the suggestion.
2014-02-06 04:45:49 -05:00
Emil Stenström
7a97df190c
Fixed #19277 -- Added LocaleMiddleware.response_redirect_class
...
Thanks ppetrid at yawd.eu for the suggestion.
2013-10-03 16:15:29 -04:00
Tim Graham
da843e7dba
Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
...
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.
2013-09-11 08:17:15 -04:00