summaryrefslogtreecommitdiff
path: root/django/http
AgeCommit message (Collapse)Author
2020-07-16[3.1.x] Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵Mariusz Felisiak
HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 240cbb63bf9965c63d7a3cc9032f91410f414d46 from master
2020-06-11[3.1.x] Fixed #28132 -- Made MultiPartParser ignore filenames with trailing ↵Michael Brown
slash. Backport of 36db4dd937ae11c5b687c5d2e5fa3c27e4140001 from master
2020-06-03[3.1.x] Refs #30997 -- Improved HttpRequest.is_ajax() warning message with ↵Mariusz Felisiak
stacklevel=2. Backport of 7fc317ae736e8fda1aaf4d4ede84d95fffaf5281 from master
2020-05-12Fixed E128, E741 flake8 warnings.Mariusz Felisiak
2020-05-11Refs #30116 -- Simplified regex match group access with Match.__getitem__().Jon Dufresne
The method has been available since Python 3.6. The shorter syntax is also marginally faster.
2020-02-28Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.007
2020-02-11Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used.Florian Apolloner
Thanks to Oskar Persson for the report.
2020-02-11Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes ↵Florian Apolloner
file-like object." This reverts commit cce47ff65a4dd3786c049ec14ee889e128ca7de9.
2020-01-27Fixed #30997 -- Deprecated HttpRequest.is_ajax().Claude Paroz
2020-01-24Refs #30997 -- Added HttpRequest.accepts().Claude Paroz
2019-12-27Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with ↵Jon Dufresne
reverse_lazy() locations.
2019-12-12Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.Osaetin Daniel
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-05Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵Gordon Pendleton
default when DEBUG=True.
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2019-07-01Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review.
2019-06-20Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵Chris Jerdonek
object.
2019-06-15Refs #30451 -- Added HttpRequest._set_content_type_params() hook.Mariusz Felisiak
2019-05-17Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ShingenPizza
is available.
2019-05-09Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵Troon
underscores.
2019-05-08Refs #27753 -- Deprecated django.utils.text.unescape_entities().Jon Dufresne
The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4.
2019-04-24Removed unnecessary assignments in various code.Jon Dufresne
2019-03-29Fixed #30294 -- Allowed HttpResponse to accept memoryview content.sage
2019-03-02Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵Tim Graham
request.
2019-03-02Fixed #30227 -- Fixed crash on request without boundary in Content-Type.Tim Graham
2019-02-14Optimized iterator exhaustion using collections.deque().Nick Pope
2019-02-06Refs #27753 -- Favored force/smart_str() over force/smart_text().Aymeric Augustin
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-17Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline.Tim Graham
2019-01-17Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.Tim Graham
2019-01-16Fixed #20147 -- Added HttpRequest.headers.Santiago Basulto
2018-09-25Normalized spelling of "lowercase" and "lowercased".Jon Dufresne
2018-09-25Refs #29784 -- Normalized Python docs links to omit the version.Jon Dufresne
2018-08-02Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.Tim Graham
Regression in 7d96f0c49ab750799860e42716d7105e11de44de.
2018-07-16Fixed django/http/request.py docstring typo.François Freitag
2018-07-10Simplified HttpRequest.__iter__().Sergey Fedoseev
2018-06-07Removed unused HttpRequest._post_parse_error attribute.Josh Schneier
Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593.
2018-05-15Fixed #16470 -- Allowed FileResponse to auto-set some Content headers.Claude Paroz
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
Thanks Alex Gaynor for contributing to the patch.
2018-02-07Refs #27795 -- Replaced force_bytes() usage in django.http.Tim Graham
2018-01-10Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri().George-Cristian Bîrzan
2018-01-08Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use ↵Alvin Lindstam
__Secure/Host prefixes.
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2018-01-02Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.Alexey
2017-12-26Fixed #28930 -- Simplified code with any() and all().Дилян Палаузов
2017-11-14Fixed #28795 -- Removed 'not in' checks and used dict.setdefault().Дилян Палаузов
2017-11-07Fixed #28720 -- Added HttpRequest.get_full_path_info().Jonas Haag
2017-11-06Fixed #28776 -- Fixed a/an/and typos in docs and comments.Дилян Палаузов
2017-09-25Fixed #27857 -- Dropped support for Python 3.4.Tim Graham
2017-09-22Removed unused eof argument to BoundaryIter._find_boundary().Mariusz Felisiak
Unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.