1
0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00
Commit Graph

9 Commits

Author SHA1 Message Date
Luke Plant
97ee7a3baf [1.1.X] Fixed #10996 - documented login CSRF vulnerabilities in the CsrfMiddleware
1.1.X branch only fix - trunk is completely different now.



git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11662 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:38:28 +00:00
Luke Plant
1f0266bd18 [1.1.X] Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch.

Backport of r11650 from trunk


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11651 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 11:27:59 +00:00
Luke Plant
20f7e51493 Reverted 10094 and 10095 (in favour of solution that will hopefully land for beta 2)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:02:46 +00:00
Luke Plant
2d28724730 Added CSRF middleware to default settings and updated docs.
Updated docs to reflect the change, and the fact that using the
two separate middleware is preferred to using the combined one.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-19 23:14:20 +00:00
Luke Plant
9a2e338107 Made CSRF middleware skip post-processing for 'csrf_exempt' decorated views.
This commit also decomposes the decorator into two decorators which can be
used separately, adds some tests, updates docs and fixes some code comments.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@9815 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 17:47:02 +00:00
Adrian Holovaty
e9b90d9899 Edited ref/contrib/csrf.txt changes from [9554]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-08 04:15:19 +00:00
Luke Plant
9ec9936413 Updated csrf docs with 'versionadded' info
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9555 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 00:44:12 +00:00
Luke Plant
9eedc7bd0b New CsrfMiddleware features: automatic exceptions for known AJAX and decorator for manual exceptions
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 00:34:18 +00:00
Jacob Kaplan-Moss
97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00