| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-06-03 | [5.2.x] Fixed #36411 -- Made HttpRequest.get_preferred_type() consider media ↵ | Jake Howard | |
| type parameters. HttpRequest.get_preferred_type() did not account for parameters in Accept header media types (e.g., "text/vcard; version=3.0"). This caused incorrect content negotiation when multiple types differed only by parameters, reducing specificity as per RFC 7231 section 5.3.2 (https://datatracker.ietf.org/doc/html/rfc7231.html#section-5.3.2). This fix updates get_preferred_type() to treat media types with parameters as distinct, allowing more precise and standards-compliant matching. Thanks to magicfelix for the report, and to David Sanders and Sarah Boyce for the reviews. Backport of c075508b4de8edf9db553b409f8a8ed2f26ecead from main. | |||
| 2024-09-09 | Fixed #35631 -- Added HttpRequest.get_preferred_type(). | Jake Howard | |
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-08-25 | Fixed #34709 -- Raised BadRequest for non-UTF-8 requests with the ↵ | Mariusz Felisiak | |
| application/x-www-form-urlencoded content type. Thanks Eki Xu for the report. | |||
| 2023-08-02 | Simplified django.http.request.split_domain_port(). | Nick Pope | |
| Use the capture groups from the regular expression that has already been matched to avoid resplitting and the need to special case for IPv6. | |||
| 2023-04-12 | Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling ↵ | Mariusz Felisiak | |
| HttpRequest and subclasses." This reverts commit 6220c445c40a6a7f4d442de8bde2628346153963. Thanks Adam Johnson and Márton Salomváry for reports. | |||
| 2023-02-14 | Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. | Markus Holtermann | |
| Thanks to Jakob Ackermann for the report. | |||
| 2023-01-18 | Refs #34233 -- Used str.removeprefix()/removesuffix(). | Mariusz Felisiak | |
| 2022-11-14 | Fixed #34074 -- Added headers argument to RequestFactory and Client classes. | David Wobrock | |
| 2022-09-14 | Fixed #29186 -- Fixed pickling HttpRequest and subclasses. | Anvesh Mishra | |
| 2022-06-28 | Refs #33697 -- Made MediaType use django.utils.http.parse_header_parameters(). | Mehrdad | |
| 2022-06-09 | Fixed #33755 -- Moved ASGI body-file cleanup into request class. | Jonas Lundberg | |
| 2022-05-11 | Refs #33173 -- Removed use of deprecated cgi module. | Carlton Gibson | |
| https://peps.python.org/pep-0594/#cgi | |||
| 2022-03-23 | Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols ↵ | Thomas Schmidt | |
| in the header value. | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-01-07 | Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate. | Ad Timmering | |
| 2021-04-30 | Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵ | Hasan Ramezani | |
| ExceptionReporter._get_raw_insecure_uri(). | |||
| 2021-02-10 | Fixed #32355 -- Dropped support for Python 3.6 and 3.7 | Mariusz Felisiak | |
| 2021-01-14 | Refs #30997 -- Removed HttpRequest.is_ajax() per deprecation timeline. | Mariusz Felisiak | |
| 2020-09-07 | Refs #21231 -- Corrected parse_qsl() fallback. | Tim Graham | |
| An oversight in fd209f62f1d83233cc634443cfac5ee4328d98b8. | |||
| 2020-09-03 | Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8. | Nick Pope | |
| 2020-06-03 | Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2. | Mariusz Felisiak | |
| 2020-05-12 | Fixed E128, E741 flake8 warnings. | Mariusz Felisiak | |
| 2020-01-27 | Fixed #30997 -- Deprecated HttpRequest.is_ajax(). | Claude Paroz | |
| 2020-01-24 | Refs #30997 -- Added HttpRequest.accepts(). | Claude Paroz | |
| 2019-12-27 | Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with ↵ | Jon Dufresne | |
| reverse_lazy() locations. | |||
| 2019-12-05 | Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵ | Gordon Pendleton | |
| default when DEBUG=True. | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-06-15 | Refs #30451 -- Added HttpRequest._set_content_type_params() hook. | Mariusz Felisiak | |
| 2019-05-09 | Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵ | Troon | |
| underscores. | |||
| 2019-02-06 | Refs #27753 -- Favored force/smart_str() over force/smart_text(). | Aymeric Augustin | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2019-01-17 | Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline. | Tim Graham | |
| 2019-01-16 | Fixed #20147 -- Added HttpRequest.headers. | Santiago Basulto | |
| 2018-09-25 | Normalized spelling of "lowercase" and "lowercased". | Jon Dufresne | |
| 2018-08-02 | Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values. | Tim Graham | |
| Regression in 7d96f0c49ab750799860e42716d7105e11de44de. | |||
| 2018-07-16 | Fixed django/http/request.py docstring typo. | François Freitag | |
| 2018-07-10 | Simplified HttpRequest.__iter__(). | Sergey Fedoseev | |
| 2018-06-07 | Removed unused HttpRequest._post_parse_error attribute. | Josh Schneier | |
| Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593. | |||
| 2018-02-07 | Refs #27795 -- Replaced force_bytes() usage in django.http. | Tim Graham | |
| 2018-01-10 | Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri(). | George-Cristian Bîrzan | |
| 2018-01-03 | Fixed #28982 -- Simplified code with and/or. | Дилян Палаузов | |
| 2017-12-26 | Fixed #28930 -- Simplified code with any() and all(). | Дилян Палаузов | |
| 2017-11-07 | Fixed #28720 -- Added HttpRequest.get_full_path_info(). | Jonas Haag | |
| 2017-08-23 | Removed unneeded iter() calls. | Sergey Fedoseev | |
| A few of these were unnecessarily added in 2b281cc35ed9d997614ca3c416928d7fabfef1ad. | |||
| 2017-04-26 | Fixed #28137 -- Deprecated HttpRequest.xreadlines(). | Josh Schneier | |
| 2017-02-20 | Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257. | Anton Samarchyan | |
| 2017-01-26 | Refs #23919, #27778 -- Removed obsolete mentions of unicode. | Vytis Banaitis | |
