summaryrefslogtreecommitdiff
path: root/django/http
AgeCommit message (Collapse)Author
2019-07-01Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review.
2019-06-20Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵Chris Jerdonek
object.
2019-06-15Refs #30451 -- Added HttpRequest._set_content_type_params() hook.Mariusz Felisiak
2019-05-17Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ShingenPizza
is available.
2019-05-09Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵Troon
underscores.
2019-05-08Refs #27753 -- Deprecated django.utils.text.unescape_entities().Jon Dufresne
The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4.
2019-04-24Removed unnecessary assignments in various code.Jon Dufresne
2019-03-29Fixed #30294 -- Allowed HttpResponse to accept memoryview content.sage
2019-03-02Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵Tim Graham
request.
2019-03-02Fixed #30227 -- Fixed crash on request without boundary in Content-Type.Tim Graham
2019-02-14Optimized iterator exhaustion using collections.deque().Nick Pope
2019-02-06Refs #27753 -- Favored force/smart_str() over force/smart_text().Aymeric Augustin
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-17Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline.Tim Graham
2019-01-17Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.Tim Graham
2019-01-16Fixed #20147 -- Added HttpRequest.headers.Santiago Basulto
2018-09-25Normalized spelling of "lowercase" and "lowercased".Jon Dufresne
2018-09-25Refs #29784 -- Normalized Python docs links to omit the version.Jon Dufresne
2018-08-02Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.Tim Graham
Regression in 7d96f0c49ab750799860e42716d7105e11de44de.
2018-07-16Fixed django/http/request.py docstring typo.François Freitag
2018-07-10Simplified HttpRequest.__iter__().Sergey Fedoseev
2018-06-07Removed unused HttpRequest._post_parse_error attribute.Josh Schneier
Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593.
2018-05-15Fixed #16470 -- Allowed FileResponse to auto-set some Content headers.Claude Paroz
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
Thanks Alex Gaynor for contributing to the patch.
2018-02-07Refs #27795 -- Replaced force_bytes() usage in django.http.Tim Graham
2018-01-10Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri().George-Cristian Bîrzan
2018-01-08Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use ↵Alvin Lindstam
__Secure/Host prefixes.
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2018-01-02Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.Alexey
2017-12-26Fixed #28930 -- Simplified code with any() and all().Дилян Палаузов
2017-11-14Fixed #28795 -- Removed 'not in' checks and used dict.setdefault().Дилян Палаузов
2017-11-07Fixed #28720 -- Added HttpRequest.get_full_path_info().Jonas Haag
2017-11-06Fixed #28776 -- Fixed a/an/and typos in docs and comments.Дилян Палаузов
2017-09-25Fixed #27857 -- Dropped support for Python 3.4.Tim Graham
2017-09-22Removed unused eof argument to BoundaryIter._find_boundary().Mariusz Felisiak
Unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.
2017-08-23Removed unneeded iter() calls.Sergey Fedoseev
A few of these were unnecessarily added in 2b281cc35ed9d997614ca3c416928d7fabfef1ad.
2017-06-28Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().Mads Jensen
2017-05-27Fixed #28226 -- Replaced use of str.join() with concatenation.Tom
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-04-26Fixed #28137 -- Deprecated HttpRequest.xreadlines().Josh Schneier
2017-02-20Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.Anton Samarchyan
2017-02-17Fixed #27308 -- Fixed BytesWarnings in the test suite.Tim Graham
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Corrected http.multipartparser.exhaust() docstring.Tim Graham
MultiPartParserError was removed in ebf34c3cdcd2c75349c60a064427ac255958bf9b.
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-25Removed unused variables that are overwritten.Mads Jensen
2017-01-22Refs #23919 -- Replaced six.reraise by raiseClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz