summaryrefslogtreecommitdiff
path: root/django/conf/global_settings.py
AgeCommit message (Collapse)Author
2026-04-22Fixed #35870 -- Made blank choice label in forms more accessible.Annabelle Wiegart
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
2025-09-23Fixed #36609 -- Added Haitian Creole (ht) language.Jean Patrick Prenis
Thanks Rebecca Conley for the review. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-09-16Fixed #35859 -- Added background Tasks framework interface.Jake Howard
This work implements what was defined in DEP 14 (https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst). Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce, Jacob Walls, and Natalia Bidart for the reviews.
2025-09-05Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField.Tim Graham
2025-07-23Refs #36500 -- Corrected rewrapped long lines fixed via a script.Mike Edmunds
Manually reformatted some comments and docstrings where autofix_w505.py changed the meaning of the formatting.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-07-23Removed double spaces after periods and within phrases.Sarah Boyce
2025-07-22Refs #36138 -- Corrected ADMINS setting format in ↵Mike Edmunds
django/conf/global_settings.py comment.
2025-06-27Fixed #15727 -- Added Content Security Policy (CSP) support.Rob Hudson
This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-03-19Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and ↵Ahmed Nassar
urlizetrunc.
2025-01-15Refs #34380 -- Changed the URLField default scheme to https and removed ↵Sarah Boyce
FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline.
2024-09-19Updated link with valid options for LANGUAGE_CODE in global_settings.py.r0Zh-ovanya
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2023-11-28Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting.Mariusz Felisiak
This allows early adoption of the new default "https".
2023-09-18Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.Mariusz Felisiak
This also removes django.core.files.storage.get_storage_class(). Per deprecation timeline.
2023-08-12Added Uyghur language.Azat
2023-02-14Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2023-01-17Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per ↵Mariusz Felisiak
deprecation timeline.
2023-01-17Refs #32365 -- Removed support for pytz timezones per deprecation timeline.Mariusz Felisiak
2023-01-17Refs #32873 -- Removed settings.USE_L10N per deprecation timeline.Mariusz Felisiak
2023-01-17Refs #32379 -- Changed default USE_TZ to True.Mariusz Felisiak
Per deprecation timeline.
2023-01-12Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.Jarosław Wygoda
2023-01-12Fixed #26029 -- Allowed configuring custom file storage backends.Jarosław Wygoda
2022-08-30Added Central Kurdish (Sorani) language.Swara
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Refs #33476 -- Used vertical hanging indentation for format lists with ↵Mariusz Felisiak
inline comments. Lists with multiple values and comments per-line are reformatted by Black to multiple lines with a single comment. For example: DATE_INPUT_FORMATS = "%Y-%m-%d", "%m/%d/%Y", "%m/%d/%y", # '2006-10-25', '10/25/2006', '10/25/06' ] is reformatted to the: DATE_INPUT_FORMATS = "%Y-%m-%d", "%m/%d/%Y", "%m/%d/%y", # '2006-10-25', '10/25/2006', '10/25/06' ] This reformats affected entries to multiple lines with corresponding comments.
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2021-11-29Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.Chris Jerdonek
This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instance of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-18Added Malay language.jhisham
2021-09-16Fixed #32365 -- Made zoneinfo the default timezone implementation.Carlton Gibson
Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick Pope, and Paul Ganssle for reviews.
2021-09-14Fixed #32873 -- Deprecated settings.USE_L10N.Claude Paroz
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-03-30Fixed #31840 -- Added support for Cross-Origin Opener Policy header.bankc
Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com>
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵Mariusz Felisiak
timeline.
2020-12-15Fixed #31007 -- Allowed specifying type of auto-created primary keys.Tom Forbes
This also changes the default type of auto-created primary keys for new apps and projects to BigAutoField.
2020-08-10Fixed #31871 -- Updated SESSION_COOKIE_SAMESITE comment in global_settings.py.אורי
Follow up to b33bfc383935cd26e19a2cf71d066ac6edd1425f.
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-07-14Added Igbo language.Kelechi Precious Nwachukwu
2020-07-08Added Turkmen language.Resulkary
2020-06-12Added support for the Tajik language.Claude Paroz
Thanks Sirius Sufiew for contributing that support.
2020-05-20Added Kyrgyz language.Claude Paroz
Thanks Soyuzbek orozbek uulu for contributing that support.
2020-05-05Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS ↵Chris Burchhardt
docs. Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT docs and incorrect "minimum" phrase.
2020-02-05Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'.Adam Johnson
2020-01-16Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.Pavel Lysak
2020-01-07Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default ↵Claude Paroz
input formats.
2019-12-14Added Algerian Arabic language.Rabah Saadi
2019-11-04Added Uzbek language.Claude Paroz