| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-07-16 | [3.0.x] Fixed #31790 -- Fixed setting SameSite cookies flag in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 240cbb63bf9965c63d7a3cc9032f91410f414d46 from master. | |||
| 2020-05-12 | [3.0.x] Fixed E128, E741 flake8 warnings. | Mariusz Felisiak | |
| Backport of 0668164b4ac93a5be79f5b87fae83c657124d9ab from master. | |||
| 2020-02-11 | [3.0.x] Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper ↵ | Florian Apolloner | |
| is used. Thanks to Oskar Persson for the report. Backport of 41a3b3d18647b258331104520e76f977406c590d from master | |||
| 2020-02-11 | [3.0.x] Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper ↵ | Florian Apolloner | |
| closes file-like object." This reverts commit cce47ff65a4dd3786c049ec14ee889e128ca7de9. Backport of 549445519ce90cc5c1e3f981853cc0c67725f3ed from master | |||
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-06-20 | Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵ | Chris Jerdonek | |
| object. | |||
| 2019-06-15 | Refs #30451 -- Added HttpRequest._set_content_type_params() hook. | Mariusz Felisiak | |
| 2019-05-17 | Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ | ShingenPizza | |
| is available. | |||
| 2019-05-09 | Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵ | Troon | |
| underscores. | |||
| 2019-05-08 | Refs #27753 -- Deprecated django.utils.text.unescape_entities(). | Jon Dufresne | |
| The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4. | |||
| 2019-04-24 | Removed unnecessary assignments in various code. | Jon Dufresne | |
| 2019-03-29 | Fixed #30294 -- Allowed HttpResponse to accept memoryview content. | sage | |
| 2019-03-02 | Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵ | Tim Graham | |
| request. | |||
| 2019-03-02 | Fixed #30227 -- Fixed crash on request without boundary in Content-Type. | Tim Graham | |
| 2019-02-14 | Optimized iterator exhaustion using collections.deque(). | Nick Pope | |
| 2019-02-06 | Refs #27753 -- Favored force/smart_str() over force/smart_text(). | Aymeric Augustin | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2019-01-17 | Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline. | Tim Graham | |
| 2019-01-17 | Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. | Tim Graham | |
| 2019-01-16 | Fixed #20147 -- Added HttpRequest.headers. | Santiago Basulto | |
| 2018-09-25 | Normalized spelling of "lowercase" and "lowercased". | Jon Dufresne | |
| 2018-09-25 | Refs #29784 -- Normalized Python docs links to omit the version. | Jon Dufresne | |
| 2018-08-02 | Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values. | Tim Graham | |
| Regression in 7d96f0c49ab750799860e42716d7105e11de44de. | |||
| 2018-07-16 | Fixed django/http/request.py docstring typo. | François Freitag | |
| 2018-07-10 | Simplified HttpRequest.__iter__(). | Sergey Fedoseev | |
| 2018-06-07 | Removed unused HttpRequest._post_parse_error attribute. | Josh Schneier | |
| Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593. | |||
| 2018-05-15 | Fixed #16470 -- Allowed FileResponse to auto-set some Content headers. | Claude Paroz | |
| Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews. | |||
| 2018-04-13 | Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | |
| Thanks Alex Gaynor for contributing to the patch. | |||
| 2018-02-07 | Refs #27795 -- Replaced force_bytes() usage in django.http. | Tim Graham | |
| 2018-01-10 | Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri(). | George-Cristian Bîrzan | |
| 2018-01-08 | Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use ↵ | Alvin Lindstam | |
| __Secure/Host prefixes. | |||
| 2018-01-03 | Fixed #28982 -- Simplified code with and/or. | Дилян Палаузов | |
| 2018-01-02 | Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231. | Alexey | |
| 2017-12-26 | Fixed #28930 -- Simplified code with any() and all(). | Дилян Палаузов | |
| 2017-11-14 | Fixed #28795 -- Removed 'not in' checks and used dict.setdefault(). | Дилян Палаузов | |
| 2017-11-07 | Fixed #28720 -- Added HttpRequest.get_full_path_info(). | Jonas Haag | |
| 2017-11-06 | Fixed #28776 -- Fixed a/an/and typos in docs and comments. | Дилян Палаузов | |
| 2017-09-25 | Fixed #27857 -- Dropped support for Python 3.4. | Tim Graham | |
| 2017-09-22 | Removed unused eof argument to BoundaryIter._find_boundary(). | Mariusz Felisiak | |
| Unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2. | |||
| 2017-09-07 | Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()." | Tim Graham | |
| This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better. | |||
| 2017-08-23 | Removed unneeded iter() calls. | Sergey Fedoseev | |
| A few of these were unnecessarily added in 2b281cc35ed9d997614ca3c416928d7fabfef1ad. | |||
| 2017-06-28 | Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). | Mads Jensen | |
| 2017-05-27 | Fixed #28226 -- Replaced use of str.join() with concatenation. | Tom | |
| 2017-04-27 | Refs #27795 -- Replaced many force_text() with str() | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-04-26 | Fixed #28137 -- Deprecated HttpRequest.xreadlines(). | Josh Schneier | |
| 2017-02-20 | Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257. | Anton Samarchyan | |
| 2017-02-17 | Fixed #27308 -- Fixed BytesWarnings in the test suite. | Tim Graham | |
| 2017-01-26 | Refs #23919, #27778 -- Removed obsolete mentions of unicode. | Vytis Banaitis | |
| 2017-01-25 | Corrected http.multipartparser.exhaust() docstring. | Tim Graham | |
| MultiPartParserError was removed in ebf34c3cdcd2c75349c60a064427ac255958bf9b. | |||
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
