diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2023-01-12 12:47:42 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2023-01-17 11:49:15 +0100 |
| commit | e01970e9d23a241473671ea26126f8440db4dead (patch) | |
| tree | b3d902755864abb350ff7e3e61c443bf48e15b96 /docs | |
| parent | daf88e778bd39d908dca9efc3571d37adbd2ff4a (diff) | |
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/settings.txt | 14 | ||||
| -rw-r--r-- | docs/releases/4.1.txt | 11 | ||||
| -rw-r--r-- | docs/releases/5.0.txt | 2 |
3 files changed, 7 insertions, 20 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 109cc887f7..98726e6a22 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -343,20 +343,6 @@ form input <acquiring-csrf-token-from-html>` instead of :ref:`from the cookie See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``. -.. setting:: CSRF_COOKIE_MASKED - -``CSRF_COOKIE_MASKED`` ----------------------- - -Default: ``False`` - -Whether to mask the CSRF cookie. See -:ref:`release notes <csrf-cookie-masked-usage>` for usage details. - -.. deprecated:: 4.1 - - This transitional setting is deprecated and will be removed in Django 5.0. - .. setting:: CSRF_COOKIE_NAME ``CSRF_COOKIE_NAME`` diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt index 1a59d4ab93..0391548e63 100644 --- a/docs/releases/4.1.txt +++ b/docs/releases/4.1.txt @@ -98,16 +98,15 @@ See :ref:`the Forms section (below)<forms-4.1>` for full details. ``CSRF_COOKIE_MASKED`` setting ------------------------------ -The new :setting:`CSRF_COOKIE_MASKED` transitional setting allows specifying -whether to mask the CSRF cookie. +The new ``CSRF_COOKIE_MASKED`` transitional setting allows specifying whether +to mask the CSRF cookie. :class:`~django.middleware.csrf.CsrfViewMiddleware` no longer masks the CSRF cookie like it does the CSRF token in the DOM. If you are upgrading multiple instances of the same project to Django 4.1, you should set -:setting:`CSRF_COOKIE_MASKED` to ``True`` during the transition, in -order to allow compatibility with the older versions of Django. Once the -transition to 4.1 is complete you can stop overriding -:setting:`CSRF_COOKIE_MASKED`. +``CSRF_COOKIE_MASKED`` to ``True`` during the transition, in order to allow +compatibility with the older versions of Django. Once the transition to 4.1 is +complete you can stop overriding ``CSRF_COOKIE_MASKED``. This setting is deprecated as of this release and will be removed in Django 5.0. diff --git a/docs/releases/5.0.txt b/docs/releases/5.0.txt index f5b4f532a9..0a5ab35501 100644 --- a/docs/releases/5.0.txt +++ b/docs/releases/5.0.txt @@ -306,3 +306,5 @@ See :ref:`deprecated-features-4.1` for details on these changes, including how to remove usage of these features. * The ``SitemapIndexItem.__str__()`` method is removed. + +* The ``CSRF_COOKIE_MASKED`` transitional setting is removed. |
