| Age | Commit message (Collapse) | Author |
|
SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
|
|
|
|
|
|
Regression in 7d96f0c49ab750799860e42716d7105e11de44de.
|
|
|
|
|
|
Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593.
|
|
|
|
|
|
|
|
|
|
|
|
A few of these were unnecessarily added in 2b281cc35ed9d997614ca3c416928d7fabfef1ad.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Thanks Tim Graham for the review.
|
|
Thanks Tim Graham and Simon Charette for the reviews.
|
|
Thanks Tim Graham for the review.
|
|
|
|
|
|
|
|
This is a security fix.
|
|
The smart_* version should only be used when a lazy string should keep
its lazy status.
|
|
Thanks LaMont Jones for the report and patch.
|
|
|
|
|
|
Thanks Tom Christie for review.
|
|
|
|
Parsed the CONTENT_TYPE header once and recorded it on the request.
|
|
|
|
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
|
|
|
|
|
|
|
|
|
|
|
|
This introduces a force_append_slash argument for request.get_full_path()
which is used by RedirectFallbackMiddleware and CommonMiddleware when
handling redirects for settings.APPEND_SLASH.
|
|
|
|
|
|
comprehension
|
|
|
|
|
|
|
|
refs #23395.
|