django http://cgit.adnoto.dev/django.git/atom?h=fix-31295 2011-04-02T08:33:40Z 2011-04-02T08:33:40Z Russell Keith-Magee russell@keith-magee.com 2011-04-02T08:33:40Z urn:sha1:fe124152315ef21c0673b12ecd2d5f0bd6f271b2 git-svn-id: http://code.djangoproject.com/svn/django/trunk@15971 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-10-11T12:20:07Z Russell Keith-Magee russell@keith-magee.com 2010-10-11T12:20:07Z urn:sha1:1070c57b83efdfd4fbed09280fcdaafc6d9c1a81 git-svn-id: http://code.djangoproject.com/svn/django/trunk@14138 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-27T00:36:34Z Luke Plant L.Plant.98@cantab.net 2009-10-27T00:36:34Z urn:sha1:7230a995ce81a7b8dd093bd03cc5ebd34106ee80 There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-26T23:23:07Z Luke Plant L.Plant.98@cantab.net 2009-10-26T23:23:07Z urn:sha1:8e70cef9b67433edd70935dcc30c621d1e7fc0a0 This is a large change to CSRF protection for Django. It includes: * removing the dependency on the session framework. * deprecating CsrfResponseMiddleware, and replacing with a core template tag. * turning on CSRF protection by default by adding CsrfViewMiddleware to the default value of MIDDLEWARE_CLASSES. * protecting all contrib apps (whatever is in settings.py) using a decorator. For existing users of the CSRF functionality, it should be a seamless update, but please note that it includes DEPRECATION of features in Django 1.1, and there are upgrade steps which are detailed in the docs. Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work on the patch, and to lots of other people including Simon Willison and Russell Keith-Magee who refined the ideas. Details of the rationale for these changes is found here: http://code.djangoproject.com/wiki/CsrfProtection As of this commit, the CSRF code is mainly in 'contrib'. The code will be moved to core in a separate commit, to make the changeset as readable as possible. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-10-24T10:45:58Z Luke Plant L.Plant.98@cantab.net 2009-10-24T10:45:58Z urn:sha1:a02a6fab66afc9462c79cc4914f4624b640165f4 Thanks to carljm for report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-04-21T23:31:01Z Luke Plant L.Plant.98@cantab.net 2009-04-21T23:31:01Z urn:sha1:71233bcdf3c90098531901da4e380165ed0059d4 Thanks to Ryszard Szopa for the report and fix git-svn-id: http://code.djangoproject.com/svn/django/trunk@10617 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-02-07T19:32:37Z Luke Plant L.Plant.98@cantab.net 2009-02-07T19:32:37Z urn:sha1:0326574d0ecf2eeded92d66855822dd2e602297f git-svn-id: http://code.djangoproject.com/svn/django/trunk@9817 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-02-07T18:06:32Z Luke Plant L.Plant.98@cantab.net 2009-02-07T18:06:32Z urn:sha1:95ed07e888cfe36fd7138b15ac7cb157194c0b1c git-svn-id: http://code.djangoproject.com/svn/django/trunk@9816 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2009-02-07T17:47:02Z Luke Plant L.Plant.98@cantab.net 2009-02-07T17:47:02Z urn:sha1:9a2e33810789017dfb2cbe46afa01f3f45357757 This commit also decomposes the decorator into two decorators which can be used separately, adds some tests, updates docs and fixes some code comments. git-svn-id: http://code.djangoproject.com/svn/django/trunk@9815 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-12-03T13:23:23Z Luke Plant L.Plant.98@cantab.net 2008-12-03T13:23:23Z urn:sha1:9c33d74f1dbc71dc295f11c1be2f1146a487e611 git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37