| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-04-06 | [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via ↵ | Mariusz Felisiak | |
| uploaded files. Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main. | |||
| 2021-02-19 | [3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via ↵ | Nick Pope | |
| django.utils.http.parse_qsl(). | |||
| 2021-01-28 | [3.2.x] Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping. | Illia Volochii | |
| Backport of 3c004075b1d4fe4aa1ffc3f7d699dd9525bc6c02 from master | |||
| 2020-12-08 | Fixed grammar in HttpResponse docstring. | ᴙɘɘᴙgYmɘᴙɘj | |
| 2020-11-10 | Refs #32074 -- Fixed handling memoryview content by HttpResponse on Python ↵ | Mariusz Felisiak | |
| 3.10+. An iterator was added to memoryview in Python 3.10, see https://bugs.python.org/issue41732 Refs #30294 | |||
| 2020-10-07 | Fixed #32002 -- Added headers parameter to HttpResponse and subclasses. | Tom Carrick | |
| 2020-09-30 | Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads. | aryan | |
| This patch allows upload handlers to handle interrupted uploads. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-07 | Refs #21231 -- Corrected parse_qsl() fallback. | Tim Graham | |
| An oversight in fd209f62f1d83233cc634443cfac5ee4328d98b8. | |||
| 2020-09-05 | Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an ↵ | Hasan Ramezani | |
| integer. | |||
| 2020-09-03 | Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8. | Nick Pope | |
| 2020-07-16 | Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. | |||
| 2020-06-11 | Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. | Michael Brown | |
| 2020-06-03 | Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2. | Mariusz Felisiak | |
| 2020-05-12 | Fixed E128, E741 flake8 warnings. | Mariusz Felisiak | |
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-02-28 | Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. | 007 | |
| 2020-02-11 | Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used. | Florian Apolloner | |
| Thanks to Oskar Persson for the report. | |||
| 2020-02-11 | Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes ↵ | Florian Apolloner | |
| file-like object." This reverts commit cce47ff65a4dd3786c049ec14ee889e128ca7de9. | |||
| 2020-01-27 | Fixed #30997 -- Deprecated HttpRequest.is_ajax(). | Claude Paroz | |
| 2020-01-24 | Refs #30997 -- Added HttpRequest.accepts(). | Claude Paroz | |
| 2019-12-27 | Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with ↵ | Jon Dufresne | |
| reverse_lazy() locations. | |||
| 2019-12-12 | Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'. | Osaetin Daniel | |
| Thanks Florian Apolloner and Carlton Gibson for reviews. | |||
| 2019-12-05 | Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵ | Gordon Pendleton | |
| default when DEBUG=True. | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-06-20 | Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵ | Chris Jerdonek | |
| object. | |||
| 2019-06-15 | Refs #30451 -- Added HttpRequest._set_content_type_params() hook. | Mariusz Felisiak | |
| 2019-05-17 | Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ | ShingenPizza | |
| is available. | |||
| 2019-05-09 | Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵ | Troon | |
| underscores. | |||
| 2019-05-08 | Refs #27753 -- Deprecated django.utils.text.unescape_entities(). | Jon Dufresne | |
| The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4. | |||
| 2019-04-24 | Removed unnecessary assignments in various code. | Jon Dufresne | |
| 2019-03-29 | Fixed #30294 -- Allowed HttpResponse to accept memoryview content. | sage | |
| 2019-03-02 | Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵ | Tim Graham | |
| request. | |||
| 2019-03-02 | Fixed #30227 -- Fixed crash on request without boundary in Content-Type. | Tim Graham | |
| 2019-02-14 | Optimized iterator exhaustion using collections.deque(). | Nick Pope | |
| 2019-02-06 | Refs #27753 -- Favored force/smart_str() over force/smart_text(). | Aymeric Augustin | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2019-01-17 | Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline. | Tim Graham | |
| 2019-01-17 | Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. | Tim Graham | |
| 2019-01-16 | Fixed #20147 -- Added HttpRequest.headers. | Santiago Basulto | |
| 2018-09-25 | Normalized spelling of "lowercase" and "lowercased". | Jon Dufresne | |
| 2018-09-25 | Refs #29784 -- Normalized Python docs links to omit the version. | Jon Dufresne | |
| 2018-08-02 | Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values. | Tim Graham | |
| Regression in 7d96f0c49ab750799860e42716d7105e11de44de. | |||
| 2018-07-16 | Fixed django/http/request.py docstring typo. | François Freitag | |
| 2018-07-10 | Simplified HttpRequest.__iter__(). | Sergey Fedoseev | |
| 2018-06-07 | Removed unused HttpRequest._post_parse_error attribute. | Josh Schneier | |
| Unused since 8f8c54f70bfa3aa8e311514297f1eeded2c32593. | |||
| 2018-05-15 | Fixed #16470 -- Allowed FileResponse to auto-set some Content headers. | Claude Paroz | |
| Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews. | |||
| 2018-04-13 | Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | |
| Thanks Alex Gaynor for contributing to the patch. | |||
| 2018-02-07 | Refs #27795 -- Replaced force_bytes() usage in django.http. | Tim Graham | |
