| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-11-26 | Fixed #36743 -- Increased URL max length enforced in HttpResponseRedirectBase. | varunkasyap | |
| Refs CVE-2025-64458. The previous limit of 2048 characters reused the URLValidator constant and proved too restrictive for legitimate redirects to some third-party services. This change introduces a separate `MAX_URL_REDIRECT_LENGTH` constant (defaulting to 16384) and uses it in HttpResponseRedirectBase. Thanks Jacob Walls for report and review. | |||
| 2025-11-05 | Fixed CVE-2025-64458 -- Mitigated potential DoS in ↵ | Jacob Walls | |
| HttpResponseRedirect/HttpResponsePermanentRedirect on Windows. Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821. | |||
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-02-18 | Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc. | Mariusz Felisiak | |
| datetime.UTC was added in Python 3.11. | |||
| 2024-11-14 | Fixed #35784 -- Added support for preserving the HTTP request method in ↵ | Lorenzo Peña | |
| HttpResponseRedirectBase. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-10-16 | Fixed #35727 -- Added HttpResponse.text property. | SaJH | |
| Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2024-08-28 | Refs #33735 -- Adjusted warning stacklevel in ↵ | Simon Charette | |
| StreamingHttpResponse.__iter__()/__aiter__(). | |||
| 2024-05-29 | Fixed 35467 -- Replaced urlparse with urlsplit where appropriate. | Jake Howard | |
| This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used). | |||
| 2023-04-12 | Refs #34482 -- Reverted "Fixed #32969 -- Fixed pickling HttpResponse and ↵ | Mariusz Felisiak | |
| subclasses." This reverts commit d7f5bfd241666c0a76e90208da1e9ef81aec44db. Thanks Márton Salomváry for the report. | |||
| 2023-04-12 | Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling ↵ | Mariusz Felisiak | |
| HttpRequest and subclasses." This reverts commit 6220c445c40a6a7f4d442de8bde2628346153963. Thanks Adam Johnson and Márton Salomváry for reports. | |||
| 2023-03-14 | Fixed #34405 -- Fixed setting Content-Type header in FileResponse for ↵ | Mariusz Felisiak | |
| compress and brotli. Thanks Chamal De Silva for the report. | |||
| 2023-01-18 | Refs #34233 -- Used aiter() and anext(). | Nick Pope | |
| Available since Python 3.10. | |||
| 2022-12-22 | Fixed #33735 -- Added async support to StreamingHttpResponse. | Carlton Gibson | |
| Thanks to Florian Vazelle for initial exploratory work, and to Nick Pope and Mariusz Felisiak for review. | |||
| 2022-12-05 | Fixed #34194 -- Added django.utils.http.content_disposition_header(). | Alex Vandiver | |
| 2022-10-31 | Used more augmented assignment statements. | Nick Pope | |
| Identified using the following command: $ git grep -I '\(\<[_a-zA-Z0-9]\+\>\) *= *\1 *[-+/*^%&|<>@]' | |||
| 2022-09-14 | Fixed #29186 -- Fixed pickling HttpRequest and subclasses. | Anvesh Mishra | |
| 2022-08-03 | Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. | Carlton Gibson | |
| Thanks to Motoyasu Saburi for the report. | |||
| 2022-06-20 | Fixed #32969 -- Fixed pickling HttpResponse and subclasses. | Anv3sh | |
| 2022-03-24 | Refs #32365 -- Removed internal uses of utils.timezone.utc alias. | Carlton Gibson | |
| Remaining test case ensures that uses of the alias are mapped canonically by the migration writer. | |||
| 2022-03-07 | Refs #33562 -- Made HttpResponse.set_cookie() raise ValueError when both ↵ | Luke Plant | |
| "expires" and "max_age" are passed. This fixes the case where you might pass set_cookie(expires=val, max_age=val) and max_age is silently ignored. | |||
| 2022-03-07 | Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the ↵ | Luke Plant | |
| max_age argument. | |||
| 2022-03-02 | Refs #33546 -- Optimized handling content types in HttpResponseBase.__init__(). | Keryn Knight | |
| This removes an extraneous conditional causing "Content-Type" to be checked within the ResponseHeaders twice, if a content_type parameter is provided. | |||
| 2022-03-02 | Refs #33546 -- Optimized HttpResponseBase.charset a bit. | Keryn Knight | |
| This avoids scanning the Content-Type if it's empty, allowing the Content-Type header itself to have a charset assigned without using the re module. | |||
| 2022-03-02 | Refs #33546 -- Optimized ResponseHeaders._convert_to_charset() by reducing ↵ | Keryn Knight | |
| the type-checking duplication. In the common case, where keys and values are be encoded into ascii/latin-1, defer the checking for newlines until it's been successfully coerced to a string. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2022-03-02 | Refs #33546 -- Avoided unpacking data in ResponseHeaders when not necessary. | Keryn Knight | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-10-15 | Refs #30509 -- Adjusted internal FileResponse variable name. | Carlton Gibson | |
| Follow up to dc724c5bf9d3b8d59c9571aa751c3cd001cdeced. | |||
| 2021-10-14 | Fixed #30509 -- Made FileResponse better handle buffers and non-zero file ↵ | Piotr Kunicki | |
| offsets. | |||
| 2021-09-22 | Optimized handling case-insensitive mappings. | Illia Volochii | |
| Elements yielded by _destruct_iterable_mapping_values are always unpacked. Since unpacking can be done with any iterable, there is no need to convert elements to tuples. Also, such elements can be used directly in for loops, creating a dictionary of them is excessive. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2021-08-02 | Simplified serializing HTTP response headers. | Illia Volochii | |
| Since ResponseHeaders was introduced, header names and values are stored as strings. There is no need to check whether they are bytes. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2021-06-22 | Refs #24121 -- Added __repr__() to StreamingHttpResponse and subclasses. | Nicolas Restrepo | |
| 2021-05-12 | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | |
| - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | |||
| 2021-04-29 | Fixed capitalization of "ECMAScript" and "JavaScript". | Nick Pope | |
| 2021-01-28 | Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping. | Illia Volochii | |
| 2020-12-08 | Fixed grammar in HttpResponse docstring. | ᴙɘɘᴙgYmɘᴙɘj | |
| 2020-11-10 | Refs #32074 -- Fixed handling memoryview content by HttpResponse on Python ↵ | Mariusz Felisiak | |
| 3.10+. An iterator was added to memoryview in Python 3.10, see https://bugs.python.org/issue41732 Refs #30294 | |||
| 2020-10-07 | Fixed #32002 -- Added headers parameter to HttpResponse and subclasses. | Tom Carrick | |
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-05 | Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an ↵ | Hasan Ramezani | |
| integer. | |||
| 2020-07-16 | Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. | |||
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-02-11 | Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used. | Florian Apolloner | |
| Thanks to Oskar Persson for the report. | |||
| 2020-02-11 | Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes ↵ | Florian Apolloner | |
| file-like object." This reverts commit cce47ff65a4dd3786c049ec14ee889e128ca7de9. | |||
| 2019-12-12 | Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'. | Osaetin Daniel | |
| Thanks Florian Apolloner and Carlton Gibson for reviews. | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-06-20 | Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵ | Chris Jerdonek | |
| object. | |||
| 2019-05-17 | Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ | ShingenPizza | |
| is available. | |||
| 2019-03-29 | Fixed #30294 -- Allowed HttpResponse to accept memoryview content. | sage | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2019-01-17 | Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. | Tim Graham | |
 |
index : chango.git | |
| django |
| summaryrefslogtreecommitdiff |