mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-25 14:46:09 +00:00
Code Issues 32 Releases Wiki Activity

Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.

Browse Source
This commit is contained in:
Mariusz Felisiak
2023-01-12 12:47:42 +01:00
parent 2013a153db
commit af29139a55
8 changed files with 9 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/ref/settings.txt
View File

@@ -343,20 +343,6 @@ form input <acquiring-csrf-token-from-html>` instead of :ref:`from the cookie
See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``.
.. setting:: CSRF_COOKIE_MASKED
``CSRF_COOKIE_MASKED``
----------------------
Default: ``False``
Whether to mask the CSRF cookie. See
:ref:`release notes <csrf-cookie-masked-usage>` for usage details.
.. deprecated:: 4.1
This transitional setting is deprecated and will be removed in Django 5.0.
.. setting:: CSRF_COOKIE_NAME
``CSRF_COOKIE_NAME``

11
docs/releases/4.1.txt
View File

@@ -98,16 +98,15 @@ See :ref:`the Forms section (below)<forms-4.1>` for full details.
``CSRF_COOKIE_MASKED`` setting
------------------------------
The new :setting:`CSRF_COOKIE_MASKED` transitional setting allows specifying
whether to mask the CSRF cookie.
The new ``CSRF_COOKIE_MASKED`` transitional setting allows specifying whether
to mask the CSRF cookie.
:class:`~django.middleware.csrf.CsrfViewMiddleware` no longer masks the CSRF
cookie like it does the CSRF token in the DOM. If you are upgrading multiple
instances of the same project to Django 4.1, you should set
:setting:`CSRF_COOKIE_MASKED` to ``True`` during the transition, in
order to allow compatibility with the older versions of Django. Once the
transition to 4.1 is complete you can stop overriding
:setting:`CSRF_COOKIE_MASKED`.
``CSRF_COOKIE_MASKED`` to ``True`` during the transition, in order to allow
compatibility with the older versions of Django. Once the transition to 4.1 is
complete you can stop overriding ``CSRF_COOKIE_MASKED``.
This setting is deprecated as of this release and will be removed in Django
5.0.

2
docs/releases/5.0.txt
View File

@@ -306,3 +306,5 @@ See :ref:`deprecated-features-4.1` for details on these changes, including how
to remove usage of these features.
* The ``SitemapIndexItem.__str__()`` method is removed.
* The ``CSRF_COOKIE_MASKED`` transitional setting is removed.