summaryrefslogtreecommitdiff
path: root/django/core/checks/security
AgeCommit message (Expand)Author
2026-05-07Fixed #37084 -- Added CSP nonce context processor system check.Milad Zarour
2026-02-10Fixed #36903 -- Fixed further NameErrors when inspecting functions with defer...93578237
2025-10-13Replaced multi-level relative imports with absolute imports in django/.lyova24
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
2025-06-27Fixed #15727 -- Added Content Security Policy (CSP) support.Rob Hudson
2022-02-21Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_H...Mariusz Felisiak
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-03-30Fixed #31840 -- Added support for Cross-Origin Opener Policy header.bankc
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
2021-01-12Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code.Hasan Ramezani
2021-01-12Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting.Hasan Ramezani
2020-11-11Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenera...Artem Kosenko
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
2020-07-29Fixed #29324 -- Made SECRET_KEY validation lazy (on first access).Florian Apolloner
2019-09-09Fixed #29406 -- Added support for Referrer-Policy header.Nick Pope
2019-09-09Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.Claude Paroz
2019-08-05Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER s...Adnan Umer
2018-10-30Capitalized SecurityMiddleware headers for consistency with other headers.Artur Juraszek
2017-01-17Refs #26601 -- Removed support for old-style middleware using settings.MIDDLE...Tim Graham
2016-12-19Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.Tim Graham
2016-12-17Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS.Raphael Michel
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-08-10Refs #26947 -- Added a deployment system check for SECURE_HSTS_PRELOAD.Ed Morley
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
2015-07-15Fixed #24966 -- Added deployment system check for empty ALLOWED_HOSTS.rroskam
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2014-09-12Fixed #17101 -- Integrated django-secure and added check --deploy optionTim Graham