summaryrefslogtreecommitdiff
path: root/django/http/request.py
AgeCommit message (Collapse)Author
2021-02-19[3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via ↵Nick Pope
django.utils.http.parse_qsl().
2020-09-07Refs #21231 -- Corrected parse_qsl() fallback.Tim Graham
An oversight in fd209f62f1d83233cc634443cfac5ee4328d98b8.
2020-09-03Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8.Nick Pope
2020-06-03Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2.Mariusz Felisiak
2020-05-12Fixed E128, E741 flake8 warnings.Mariusz Felisiak
2020-01-27Fixed #30997 -- Deprecated HttpRequest.is_ajax().Claude Paroz
2020-01-24Refs #30997 -- Added HttpRequest.accepts().Claude Paroz
2019-12-27Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with ↵Jon Dufresne
reverse_lazy() locations.
2019-12-05Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵Gordon Pendleton
default when DEBUG=True.
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2019-07-01Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review.
2019-06-15Refs #30451 -- Added HttpRequest._set_content_type_params() hook.Mariusz Felisiak
2019-05-09Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵Troon
underscores.
2019-02-06Refs #27753 -- Favored force/smart_str() over force/smart_text().Aymeric Augustin
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-17Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline.Tim Graham
2019-01-16Fixed #20147 -- Added HttpRequest.headers.Santiago Basulto
2018-09-25Normalized spelling of "lowercase" and "lowercased".Jon Dufresne
2018-08-02Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.Tim Graham
Regression in 7d96f0c49ab750799860e42716d7105e11de44de.
2018-07-16Fixed django/http/request.py docstring typo.François Freitag
2018-07-10Simplified HttpRequest.__iter__().Sergey Fedoseev
2018-06-07Removed unused HttpRequest._post_parse_error attribute.Josh Schneier
Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593.
2018-02-07Refs #27795 -- Replaced force_bytes() usage in django.http.Tim Graham
2018-01-10Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri().George-Cristian Bîrzan
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2017-12-26Fixed #28930 -- Simplified code with any() and all().Дилян Палаузов
2017-11-07Fixed #28720 -- Added HttpRequest.get_full_path_info().Jonas Haag
2017-08-23Removed unneeded iter() calls.Sergey Fedoseev
A few of these were unnecessarily added in 2b281cc35ed9d997614ca3c416928d7fabfef1ad.
2017-04-26Fixed #28137 -- Deprecated HttpRequest.xreadlines().Josh Schneier
2017-02-20Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.Anton Samarchyan
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-22Refs #23919 -- Replaced six.reraise by raiseClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-29Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".".Anton Samarchyan
2016-11-17Fixed #27156 -- Made changing HttpRequest.encoding clear GET.PREMANAND
2016-11-01Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.Tim Graham
This is a security fix.
2016-09-03Replaced smart_* by force_* calls whenever possibleClaude Paroz
The smart_* version should only be used when a lazy string should keep its lazy status.
2016-08-11Fixed #27046 -- Supported IPv6-formatted IPv4 addresses in host validation.Tim Graham
Thanks LaMont Jones for the report and patch.
2016-08-03Fixed #27005 -- Fixed crash if request.META[''CONTENT_LENGTH']=''.Tim Graham
2016-06-06Fixed #26707 -- Added QueryDict.fromkeys()wim glenn
2016-05-12Fixed #21231 -- Enforced a max size for GET/POST values read into memory.Andre Cruz
Thanks Tom Christie for review.
2016-05-03Refs #22897 -- Removed unneeded empty string QueryDict argument.Tim Graham
2016-02-10Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.Curtis Maloney
Parsed the CONTENT_TYPE header once and recorded it on the request.