diff options
| author | Przemysław Suliga <mail@suligap.net> | 2016-08-19 14:32:21 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-08-19 19:16:00 -0400 |
| commit | 1f68bb5683608ebe1ce47f0c9d37dad9482d1df9 (patch) | |
| tree | 7882a425ade1cb5cc852d7c890f4409f67629bd9 /docs | |
| parent | 549b90fab33c80d1ba6575d4837ea52d79f70fb1 (diff) | |
Refs #26902 -- Protected against insecure redirects in set_language().
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.11.txt | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/releases/1.11.txt b/docs/releases/1.11.txt index 64afe7a841..802a09e6a9 100644 --- a/docs/releases/1.11.txt +++ b/docs/releases/1.11.txt @@ -356,12 +356,12 @@ to assign a free port. The ``DJANGO_LIVE_TEST_SERVER_ADDRESS`` environment variable is no longer used, and as it's also no longer used, the ``manage.py test --liveserver`` option is removed. -Protection against insecure redirects in :mod:`django.contrib.auth` views -------------------------------------------------------------------------- +Protection against insecure redirects in :mod:`django.contrib.auth` and ``i18n`` views +-------------------------------------------------------------------------------------- -``LoginView`` and ``LogoutView`` (and the deprecated function-based equivalents) -protect users from being redirected to non-HTTPS ``next`` URLs when the app -is running over HTTPS. +``LoginView``, ``LogoutView`` (and the deprecated function-based equivalents), +and :func:`~django.views.i18n.set_language` protect users from being redirected +to non-HTTPS ``next`` URLs when the app is running over HTTPS. Miscellaneous ------------- |
