summaryrefslogtreecommitdiff
path: root/django/core/checks/security/csrf.py
AgeCommit message (Collapse)Author
2026-02-10Fixed #36903 -- Fixed further NameErrors when inspecting functions with ↵93578237
deferred annotations. Provide a wrapper for safe introspection of user functions on Python 3.14+. Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04.
2025-10-13Replaced multi-level relative imports with absolute imports in django/.lyova24
2022-02-21Refs #33526 -- Made ↵Mariusz Felisiak
CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-01-12Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code.Hasan Ramezani
2021-01-12Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting.Hasan Ramezani
2017-01-17Refs #26601 -- Removed support for old-style middleware using ↵Tim Graham
settings.MIDDLEWARE_CLASSES.
2016-12-19Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.Tim Graham
2016-12-17Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS.Raphael Michel
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2014-09-12Fixed #17101 -- Integrated django-secure and added check --deploy optionTim Graham
Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews.