| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-08-02 | Simplified serializing HTTP response headers. | Illia Volochii | |
| Since ResponseHeaders was introduced, header names and values are stored as strings. There is no need to check whether they are bytes. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2021-06-22 | Refs #24121 -- Added __repr__() to StreamingHttpResponse and subclasses. | Nicolas Restrepo | |
| 2021-05-12 | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | |
| - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | |||
| 2021-05-04 | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | |
| 2021-04-30 | Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵ | Hasan Ramezani | |
| ExceptionReporter._get_raw_insecure_uri(). | |||
| 2021-04-29 | Fixed capitalization of "ECMAScript" and "JavaScript". | Nick Pope | |
| 2021-04-06 | Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. | Mariusz Felisiak | |
| Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. | |||
| 2021-02-10 | Fixed #32355 -- Dropped support for Python 3.6 and 3.7 | Mariusz Felisiak | |
| 2021-01-28 | Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping. | Illia Volochii | |
| 2021-01-14 | Refs #30997 -- Removed HttpRequest.is_ajax() per deprecation timeline. | Mariusz Felisiak | |
| 2020-12-08 | Fixed grammar in HttpResponse docstring. | ᴙɘɘᴙgYmɘᴙɘj | |
| 2020-11-10 | Refs #32074 -- Fixed handling memoryview content by HttpResponse on Python ↵ | Mariusz Felisiak | |
| 3.10+. An iterator was added to memoryview in Python 3.10, see https://bugs.python.org/issue41732 Refs #30294 | |||
| 2020-10-07 | Fixed #32002 -- Added headers parameter to HttpResponse and subclasses. | Tom Carrick | |
| 2020-09-30 | Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads. | aryan | |
| This patch allows upload handlers to handle interrupted uploads. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-07 | Refs #21231 -- Corrected parse_qsl() fallback. | Tim Graham | |
| An oversight in fd209f62f1d83233cc634443cfac5ee4328d98b8. | |||
| 2020-09-05 | Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an ↵ | Hasan Ramezani | |
| integer. | |||
| 2020-09-03 | Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8. | Nick Pope | |
| 2020-07-16 | Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. | |||
| 2020-06-11 | Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. | Michael Brown | |
| 2020-06-03 | Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2. | Mariusz Felisiak | |
| 2020-05-12 | Fixed E128, E741 flake8 warnings. | Mariusz Felisiak | |
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-02-28 | Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. | 007 | |
| 2020-02-11 | Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used. | Florian Apolloner | |
| Thanks to Oskar Persson for the report. | |||
| 2020-02-11 | Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes ↵ | Florian Apolloner | |
| file-like object." This reverts commit cce47ff65a4dd3786c049ec14ee889e128ca7de9. | |||
| 2020-01-27 | Fixed #30997 -- Deprecated HttpRequest.is_ajax(). | Claude Paroz | |
| 2020-01-24 | Refs #30997 -- Added HttpRequest.accepts(). | Claude Paroz | |
| 2019-12-27 | Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with ↵ | Jon Dufresne | |
| reverse_lazy() locations. | |||
| 2019-12-12 | Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'. | Osaetin Daniel | |
| Thanks Florian Apolloner and Carlton Gibson for reviews. | |||
| 2019-12-05 | Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵ | Gordon Pendleton | |
| default when DEBUG=True. | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-06-20 | Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵ | Chris Jerdonek | |
| object. | |||
| 2019-06-15 | Refs #30451 -- Added HttpRequest._set_content_type_params() hook. | Mariusz Felisiak | |
| 2019-05-17 | Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ | ShingenPizza | |
| is available. | |||
| 2019-05-09 | Fixed #30310 -- Added support for looking up HttpHeaders.headers using ↵ | Troon | |
| underscores. | |||
| 2019-05-08 | Refs #27753 -- Deprecated django.utils.text.unescape_entities(). | Jon Dufresne | |
| The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4. | |||
| 2019-04-24 | Removed unnecessary assignments in various code. | Jon Dufresne | |
| 2019-03-29 | Fixed #30294 -- Allowed HttpResponse to accept memoryview content. | sage | |
| 2019-03-02 | Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵ | Tim Graham | |
| request. | |||
| 2019-03-02 | Fixed #30227 -- Fixed crash on request without boundary in Content-Type. | Tim Graham | |
| 2019-02-14 | Optimized iterator exhaustion using collections.deque(). | Nick Pope | |
| 2019-02-06 | Refs #27753 -- Favored force/smart_str() over force/smart_text(). | Aymeric Augustin | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2019-01-17 | Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline. | Tim Graham | |
| 2019-01-17 | Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. | Tim Graham | |
| 2019-01-16 | Fixed #20147 -- Added HttpRequest.headers. | Santiago Basulto | |
| 2018-09-25 | Normalized spelling of "lowercase" and "lowercased". | Jon Dufresne | |
| 2018-09-25 | Refs #29784 -- Normalized Python docs links to omit the version. | Jon Dufresne | |
