path: root/django/http/request.py
Age | Commit message | Author
2013-11-28 | Fixed E125 pep8 warnings | Christopher Medrela
2013-11-16 | Fixed #21447 -- Restored code erroneously removed in 20472aa827669d2b83b74e521504e88e18d086a1. | Baptiste Mispelon
Also added some tests for HttpRequest.__repr__. Note that the added tests don't actually catch the accidental code removal (see ticket) but they do cover a codepath that wasn't tested before. Thanks to Tom Christie for the report and the original patch.
2013-11-02 | Fixed all E261 warnings | coagulant
2013-10-24 | Fixed #20338 -- Stripped ending dot during host validation | Claude Paroz
Thanks manfre for the report and Timo Graham for the review.
2013-10-18 | Fixed #21287 -- Fixed E123 pep8 warnings | Alasdair Nicol
2013-10-15 | Fixed #7603 -- Added a 'scheme' property to the HttpRequest object | Unai Zalakain
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is appropriately set and falls back to `HttpRequest._get_scheme()` (a hook for subclasses to implement) otherwise. `WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI environ variable to determine the request scheme. `HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is `https`. This provides a way to check the current scheme in templates, for example. It also allows us to deal with other schemes. Thanks nslater for the suggestion.
2013-10-08 | Fixed #16822 -- Added RawPostDataException | Tim Graham
Thanks jaylett for the patch.
2013-10-05 | Fixed #21189: Cleaned up usage of bare except clauses. | Baptiste Mispelon
Thanks to berkerpeksag for the report and to claudep for the review.
2013-07-31 | Fixed #19987 -- Disabled host validation when DEBUG=True. | Will Hardy
The documentation promises that host validation is disabled when DEBUG=True, that all hostnames are accepted. Domains not compliant with RFC 1034/1035 were, however, being validated; this validation has now been removed when DEBUG=True. Additionally, when DEBUG=False a more detailed SuspiciousOperation exception message is provided when host validation fails because the hostname is not RFC 1034/1035 compliant.
2013-07-29 | Removed most of absolute_import imports | Claude Paroz
Should be unneeded with Python 2.7 and up. Added some unicode_literals along the way.
2013-06-26 | Fixed missing initializations in WSGIRequest. Refs #20619 | Loic Bistuer
2013-06-01 | Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostError | Claude Paroz
Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests.
2013-05-25 | Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. | Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-04-03 | Fixed #20038 -- Better error message for host validation. | Baptiste Mispelon
2013-03-10 | Fixed #20019 -- Ensured HttpRequest.resolver_match always exists. | Aymeric Augustin
Obviously it isn't set until the URL is resolved.
2013-02-19 | Added a new required ALLOWED_HOSTS setting for HTTP host header validation. | Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2012-12-29 | Removed HttpRequest.raw_post_data. | Aymeric Augustin
2012-12-10 | Fixed a security issue in get_host. | Florian Apolloner
Full disclosure and new release forthcoming.
2012-11-03 | Fixed #19101 -- Decoding of non-ASCII POST data on Python 3. | Aymeric Augustin
Thanks Claude Paroz.
2012-10-21 | Cleaned up the http module. Moved all of the code from __init__.py to request.py, response.py and utils.py | Alex Gaynor