summaryrefslogtreecommitdiff
path: root/django/http
AgeCommit message (Collapse)Author
2021-04-27[2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in ↵Florian Apolloner
file uploads.
2021-04-06[2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via ↵Mariusz Felisiak
uploaded files. Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
2020-07-16[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in ↵Mariusz Felisiak
HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 331324ecce1330dce3dbd1713203cb9a42854ad7 from stable/3.0.x
2020-06-02[2.2.x] Fixed E128, E741 flake8 warnings.Mariusz Felisiak
Backport of 0668164b4ac93a5be79f5b87fae83c657124d9ab from master.
2019-07-01[2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-01-16Fixed #20147 -- Added HttpRequest.headers.Santiago Basulto
2018-09-25Normalized spelling of "lowercase" and "lowercased".Jon Dufresne
2018-09-25Refs #29784 -- Normalized Python docs links to omit the version.Jon Dufresne
2018-08-02Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.Tim Graham
Regression in 7d96f0c49ab750799860e42716d7105e11de44de.
2018-07-16Fixed django/http/request.py docstring typo.François Freitag
2018-07-10Simplified HttpRequest.__iter__().Sergey Fedoseev
2018-06-07Removed unused HttpRequest._post_parse_error attribute.Josh Schneier
Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593.
2018-05-15Fixed #16470 -- Allowed FileResponse to auto-set some Content headers.Claude Paroz
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
Thanks Alex Gaynor for contributing to the patch.
2018-02-07Refs #27795 -- Replaced force_bytes() usage in django.http.Tim Graham
2018-01-10Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri().George-Cristian Bîrzan
2018-01-08Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use ↵Alvin Lindstam
__Secure/Host prefixes.
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2018-01-02Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.Alexey
2017-12-26Fixed #28930 -- Simplified code with any() and all().Дилян Палаузов
2017-11-14Fixed #28795 -- Removed 'not in' checks and used dict.setdefault().Дилян Палаузов
2017-11-07Fixed #28720 -- Added HttpRequest.get_full_path_info().Jonas Haag
2017-11-06Fixed #28776 -- Fixed a/an/and typos in docs and comments.Дилян Палаузов
2017-09-25Fixed #27857 -- Dropped support for Python 3.4.Tim Graham
2017-09-22Removed unused eof argument to BoundaryIter._find_boundary().Mariusz Felisiak
Unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.
2017-08-23Removed unneeded iter() calls.Sergey Fedoseev
A few of these were unnecessarily added in 2b281cc35ed9d997614ca3c416928d7fabfef1ad.
2017-06-28Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().Mads Jensen
2017-05-27Fixed #28226 -- Replaced use of str.join() with concatenation.Tom
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-04-26Fixed #28137 -- Deprecated HttpRequest.xreadlines().Josh Schneier
2017-02-20Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.Anton Samarchyan
2017-02-17Fixed #27308 -- Fixed BytesWarnings in the test suite.Tim Graham
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Corrected http.multipartparser.exhaust() docstring.Tim Graham
MultiPartParserError was removed in ebf34c3cdcd2c75349c60a064427ac255958bf9b.
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-25Removed unused variables that are overwritten.Mads Jensen
2017-01-22Refs #23919 -- Replaced six.reraise by raiseClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz
2017-01-19Refs #23919 -- Removed Python 2 version check in django.http.cookie.Tim Graham
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-12-27Fixed #27640 -- Fixed HttpResponse's __repr__() without a 'Content-Type' ↵roboslone
header.
2016-12-19Fixed #27606 -- Fixed HttpResponseRedirect.__repr__() crash when ↵Jerome Leclanche
DisallowedRedirect is raised.
2016-12-07Refs #17235 -- Made MultiPartParser leave request.POST immutable.Vinay Karanam
2016-11-29Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".".Anton Samarchyan