summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2023-01-12 12:47:42 +0100
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-01-17 11:49:15 +0100
commite01970e9d23a241473671ea26126f8440db4dead (patch)
treeb3d902755864abb350ff7e3e61c443bf48e15b96 /docs
parentdaf88e778bd39d908dca9efc3571d37adbd2ff4a (diff)
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/settings.txt14
-rw-r--r--docs/releases/4.1.txt11
-rw-r--r--docs/releases/5.0.txt2
3 files changed, 7 insertions, 20 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 109cc887f7..98726e6a22 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -343,20 +343,6 @@ form input <acquiring-csrf-token-from-html>` instead of :ref:`from the cookie
See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``.
-.. setting:: CSRF_COOKIE_MASKED
-
-``CSRF_COOKIE_MASKED``
-----------------------
-
-Default: ``False``
-
-Whether to mask the CSRF cookie. See
-:ref:`release notes <csrf-cookie-masked-usage>` for usage details.
-
-.. deprecated:: 4.1
-
- This transitional setting is deprecated and will be removed in Django 5.0.
-
.. setting:: CSRF_COOKIE_NAME
``CSRF_COOKIE_NAME``
diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt
index 1a59d4ab93..0391548e63 100644
--- a/docs/releases/4.1.txt
+++ b/docs/releases/4.1.txt
@@ -98,16 +98,15 @@ See :ref:`the Forms section (below)<forms-4.1>` for full details.
``CSRF_COOKIE_MASKED`` setting
------------------------------
-The new :setting:`CSRF_COOKIE_MASKED` transitional setting allows specifying
-whether to mask the CSRF cookie.
+The new ``CSRF_COOKIE_MASKED`` transitional setting allows specifying whether
+to mask the CSRF cookie.
:class:`~django.middleware.csrf.CsrfViewMiddleware` no longer masks the CSRF
cookie like it does the CSRF token in the DOM. If you are upgrading multiple
instances of the same project to Django 4.1, you should set
-:setting:`CSRF_COOKIE_MASKED` to ``True`` during the transition, in
-order to allow compatibility with the older versions of Django. Once the
-transition to 4.1 is complete you can stop overriding
-:setting:`CSRF_COOKIE_MASKED`.
+``CSRF_COOKIE_MASKED`` to ``True`` during the transition, in order to allow
+compatibility with the older versions of Django. Once the transition to 4.1 is
+complete you can stop overriding ``CSRF_COOKIE_MASKED``.
This setting is deprecated as of this release and will be removed in Django
5.0.
diff --git a/docs/releases/5.0.txt b/docs/releases/5.0.txt
index f5b4f532a9..0a5ab35501 100644
--- a/docs/releases/5.0.txt
+++ b/docs/releases/5.0.txt
@@ -306,3 +306,5 @@ See :ref:`deprecated-features-4.1` for details on these changes, including how
to remove usage of these features.
* The ``SitemapIndexItem.__str__()`` method is removed.
+
+* The ``CSRF_COOKIE_MASKED`` transitional setting is removed.