mirror of https://github.com/django/django.git synced 2025-09-17 22:49:35 +00:00

113 Commits

Author SHA1 Message Date
David Smith
f81e6e3a53 Refs #36485 -- Rewrapped docs to 79 columns line length.
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
2025-08-25 10:51:10 -03:00
Natalia
4286a23df6 Refs #36485 -- Removed double spaces after periods in sentences. 2025-08-25 10:51:10 -03:00
David Smith
6f8e23d1c1 Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in docs. 2025-08-25 10:51:10 -03:00
Rob Hudson
d63241ebc7 Fixed #15727 -- Added Content Security Policy (CSP) support.
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-27 15:57:02 -03:00
Sarah Boyce
810edfd742 Removed versionadded/changed annotations for 5.1.
This also removes remaining versionadded/changed annotations for older
versions.
2025-01-15 22:28:37 +01:00
nessita
1feedc8ef8 Reindented attributes and methods for classes in docs/ref/middleware.txt. 2024-10-02 14:21:10 -03:00
Aditya Chaudhary
efc3b0c627 Fixed #35670 -- Clarified the return value for LoginRequiredMiddleware's methods. 2024-10-02 13:15:21 -03:00
Adam Johnson
49815f70e4 Refs #31405 -- Improved LoginRequiredMiddleware documentation.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
lufafajoshua
e2428292ab Fixed #35401 -- Documented the conditional_page() decorator. 2024-06-12 13:11:29 +02:00
lufafajoshua
708b01c795 Refs #35401 -- Linked the CsrfViewMiddleware docs to the csrf_protect() decorator. 2024-06-12 13:11:29 +02:00
Hisham Mahmood
c7fc9f20b4 Fixed #31405 -- Added LoginRequiredMiddleware.
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
Mariusz Felisiak
295467c04a Removed versionadded/changed annotations for 4.2.
This also removes remaining versionadded/changed annotations for older
versions.
2023-09-18 22:12:40 +02:00
django-bot
14459f80ee Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
Andreas Pelme
ab7a85ac29 Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. 2022-12-17 08:46:37 +01:00
Mariusz Felisiak
514884e9a5 Updated various links to HTTPS and new locations. 2022-12-06 05:59:43 +01:00
Nick Pope
9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
tommcn
8e63390640 Corrected CSRF reference in middleware docs. 2022-03-17 06:03:10 +01:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Tim Graham
54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
bankc
db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Carlton Gibson
ad11f5b8c9 Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. 2020-10-22 14:15:19 +02:00
Mariusz Felisiak
4c5236ef93 Removed versionadded/changed annotations for 3.0. 2020-05-13 09:07:51 +02:00
Min ho Kim
103a6f4307 Fixed some typos in comments and docs.
Thanks to Mads Jenson for review.
2019-10-02 15:50:46 +02:00
Mar Sánchez
f1d4a540b2 Refs #15396 -- Mentioned full path to GZipMiddleware in documentation. 2019-10-02 14:39:01 +02:00
Carlton Gibson
9446950470 Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware. 2019-10-02 13:11:03 +02:00
Nick Pope
406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
2019-09-09 13:35:41 +02:00
Nick Pope
fc62e16291 Standardized links for headers in security middleware documentation. 2019-09-09 13:35:17 +02:00
Mariusz Felisiak
5ab75adb90 Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0. 2019-06-03 14:08:51 +02:00
Carlton Gibson
bae66e759f Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. 2019-01-30 11:02:26 -05:00
Daniel Musketa
ca2856fb62 Fixed typo in docs/ref/middleware.txt. 2018-11-14 09:47:22 -05:00
Daniel Hepper
a6fb5b1fe0 Remove documentation for non-existent middleware (#9998)
The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb843. It was removed in 7d1b69dbe7, but the documentation remained.
2018-05-27 16:08:50 +02:00
Mariusz Felisiak
7c81b28ebc Updated various links in docs to use HTTPS. 2018-01-07 14:28:41 +01:00
Tim Graham
bc95314ca6 Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length. 2017-11-14 12:01:24 -05:00
Tim Graham
8f8a4d10d3 Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e.
2017-11-11 20:45:17 -05:00
Tim Graham
5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Claude Paroz
01f658644a Updated various links in docs to avoid redirects
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-05-22 19:28:44 +02:00
Tim Graham
e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Raphael Michel
ddf169cdac Refs #16859 -- Allowed storing CSRF tokens in sessions.
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Tim Graham
7301770254 Fixed typo in docs/ref/middleware.txt. 2016-11-06 13:22:08 +01:00
Adam Malinowski
37809b891e Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware. 2016-11-05 22:24:54 +01:00
Tim Graham
61f9243e51 Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. 2016-10-14 12:48:03 -04:00
Kevin Christopher Henry
ad332e5ca9 Refs #19705 -- Made GZipMiddleware make ETags weak.
Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression.
2016-10-13 14:22:54 -04:00
Denis Cornehl
a840710e1e Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware. 2016-10-10 14:55:59 -04:00
Tim Graham
ef021412d5 Normalized spelling of ETag. 2016-09-09 11:00:21 -04:00
Ed Morley
3c2447dd13 Fixed #26947 -- Added an option to enable the HSTS header preload directive. 2016-08-10 20:23:54 -04:00
Ed Morley
8c3bc5cd78 Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-08-08 20:20:49 -04:00