mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-03 10:39:12 +00:00
Code Issues 32 Releases Wiki Activity

Added notes to "Features deprecated in 1.2" about CSRF and SMTPConnection

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11788 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2009-12-03 14:48:47 +00:00
parent ce7c61d61e
commit 20c7e646ff
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/ref/contrib/csrf.txt
View File

@ -153,6 +153,8 @@ launch a CSRF attack on your site against that user. The
``@csrf_response_exempt`` decorator can be used to fix this, but only if the ``@csrf_response_exempt`` decorator can be used to fix this, but only if the
page doesn't also contain internal forms that require the token. page doesn't also contain internal forms that require the token.
.. _ref-csrf-upgrading-notes:
Upgrading notes Upgrading notes
--------------- ---------------

24
docs/releases/1.2.txt
View File

@ -26,13 +26,13 @@ There have been large changes to the way that CSRF protection works, detailed in
changes that developers must be aware of: changes that developers must be aware of:
* ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` have been deprecated, and * ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` have been deprecated, and
will be removed completely in Django 1.4, in favour of a template tag that will be removed completely in Django 1.4, in favor of a template tag that
should be inserted into forms. should be inserted into forms.
* All contrib apps use a ``csrf_protect`` decorator to protect the view. This * All contrib apps use a ``csrf_protect`` decorator to protect the view. This
requires the use of the csrf_token template tag in the template, so if you requires the use of the csrf_token template tag in the template, so if you
have used custom templates for contrib views, you MUST READ THE UPGRADE have used custom templates for contrib views, you MUST READ THE :ref:`UPGRADE
INSTRUCTIONS to fix those templates. INSTRUCTIONS <ref-csrf-upgrading-notes>` to fix those templates.
* ``CsrfViewMiddleware`` is included in :setting:`MIDDLEWARE_CLASSES` by * ``CsrfViewMiddleware`` is included in :setting:`MIDDLEWARE_CLASSES` by
default. This turns on CSRF protection by default, so that views that accept default. This turns on CSRF protection by default, so that views that accept
@ -72,7 +72,23 @@ changes:
Features deprecated in 1.2 Features deprecated in 1.2
========================== ==========================
None. CSRF response rewriting middleware
----------------------------------
``CsrfResponseMiddleware``, the middleware that automatically inserted CSRF
tokens into POST forms in outgoing pages, has been deprecated in favor of a
template tag method (see above), and will be removed completely in Django
1.4. ``CsrfMiddleware``, which includes the functionality of
``CsrfResponseMiddleware`` and ``CsrfViewMiddleware`` has likewise been
deprecated.
Also, the CSRF module has moved from contrib to core, and the old imports are
deprecated, as described in the :ref:`upgrading notes <ref-csrf-upgrading-notes>`.
``SMTPConnection``
------------------
This class has been deprecated in favor of the new generic e-mail backends.
What's new in Django 1.2 What's new in Django 1.2
======================== ========================