summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/ref/contrib/csrf.txt2
-rw-r--r--docs/releases/1.2.txt24
2 files changed, 22 insertions, 4 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index b76ec2f4f0..ea76fc3739 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -153,6 +153,8 @@ launch a CSRF attack on your site against that user. The
``@csrf_response_exempt`` decorator can be used to fix this, but only if the
page doesn't also contain internal forms that require the token.
+.. _ref-csrf-upgrading-notes:
+
Upgrading notes
---------------
diff --git a/docs/releases/1.2.txt b/docs/releases/1.2.txt
index afc2657786..54d7672453 100644
--- a/docs/releases/1.2.txt
+++ b/docs/releases/1.2.txt
@@ -26,13 +26,13 @@ There have been large changes to the way that CSRF protection works, detailed in
changes that developers must be aware of:
* ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` have been deprecated, and
- will be removed completely in Django 1.4, in favour of a template tag that
+ will be removed completely in Django 1.4, in favor of a template tag that
should be inserted into forms.
* All contrib apps use a ``csrf_protect`` decorator to protect the view. This
requires the use of the csrf_token template tag in the template, so if you
- have used custom templates for contrib views, you MUST READ THE UPGRADE
- INSTRUCTIONS to fix those templates.
+ have used custom templates for contrib views, you MUST READ THE :ref:`UPGRADE
+ INSTRUCTIONS <ref-csrf-upgrading-notes>` to fix those templates.
* ``CsrfViewMiddleware`` is included in :setting:`MIDDLEWARE_CLASSES` by
default. This turns on CSRF protection by default, so that views that accept
@@ -72,7 +72,23 @@ changes:
Features deprecated in 1.2
==========================
-None.
+CSRF response rewriting middleware
+----------------------------------
+
+``CsrfResponseMiddleware``, the middleware that automatically inserted CSRF
+tokens into POST forms in outgoing pages, has been deprecated in favor of a
+template tag method (see above), and will be removed completely in Django
+1.4. ``CsrfMiddleware``, which includes the functionality of
+``CsrfResponseMiddleware`` and ``CsrfViewMiddleware`` has likewise been
+deprecated.
+
+Also, the CSRF module has moved from contrib to core, and the old imports are
+deprecated, as described in the :ref:`upgrading notes <ref-csrf-upgrading-notes>`.
+
+``SMTPConnection``
+------------------
+
+This class has been deprecated in favor of the new generic e-mail backends.
What's new in Django 1.2
========================