diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2017-09-17 22:24:05 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-09-20 16:32:24 -0400 |
| commit | 42847327d1277451ee7a61716f7b9f62f50ecbdc (patch) | |
| tree | 07baf7b092402eb95bfa348f4267f39bc88a95f5 /docs | |
| parent | 19ea298aaff3ebecb26466f469226953d451e347 (diff) | |
[1.11.x] Fixed #28488 -- Reallowed error handlers to access CSRF tokens.
Regression in eef95ea96faef0b7dbbe0c8092202b74f68a899b.
Backport of c4c128d67c7dc2830631c6859a204c9d259f1fb1 from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.11.6.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/releases/1.11.6.txt b/docs/releases/1.11.6.txt index ff9d4385fe..222a9c9125 100644 --- a/docs/releases/1.11.6.txt +++ b/docs/releases/1.11.6.txt @@ -14,3 +14,7 @@ Bugfixes * Fixed crash when using the name of a model's autogenerated primary key (``id``) in an ``Index``'s ``fields`` (:ticket:`28597`). + +* Fixed a regression in Django 1.9 where a custom view error handler such as + ``handler404`` that accesses ``csrf_token`` could cause CSRF verification + failures on other pages (:ticket:`28488`). |
