diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-05-31 21:29:35 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-05-31 21:29:35 +0000 |
| commit | 1a951fa8d474fc9e6114cf63b8ba012233c9afcd (patch) | |
| tree | fb1269e61158a1106166c4a241f97eea2bb88642 /docs | |
| parent | 1cfb00dc4164f7a5342c1866a50485b1c2845cb7 (diff) | |
Added info to release notes about CSRF improvements
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.4.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt index 8742103a36..7fdf0d7e1c 100644 --- a/docs/releases/1.4.txt +++ b/docs/releases/1.4.txt @@ -78,6 +78,16 @@ A new helper function, ``template.Library`` to ease the creation of template tags that store some data in a specified context variable. +CSRF improvements +~~~~~~~~~~~~~~~~~ + +We've made various improvements to our CSRF features, including the +:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can +help with AJAX heavy sites, protection for PUT and DELETE, and settings +:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve +the security and usefulness of the CSRF protection. See the :doc:`CSRF docs +</ref/contrib/csrf>` for more information. + .. _backwards-incompatible-changes-1.4: Backwards incompatible changes in 1.4 |
