| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-03-07 | Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the ↵ | Luke Plant | |
| max_age argument. | |||
| 2022-03-02 | Refs #33546 -- Optimized handling content types in HttpResponseBase.__init__(). | Keryn Knight | |
| This removes an extraneous conditional causing "Content-Type" to be checked within the ResponseHeaders twice, if a content_type parameter is provided. | |||
| 2022-03-02 | Refs #33546 -- Optimized HttpResponseBase.charset a bit. | Keryn Knight | |
| This avoids scanning the Content-Type if it's empty, allowing the Content-Type header itself to have a charset assigned without using the re module. | |||
| 2022-03-02 | Refs #33546 -- Optimized ResponseHeaders._convert_to_charset() by reducing ↵ | Keryn Knight | |
| the type-checking duplication. In the common case, where keys and values are be encoded into ascii/latin-1, defer the checking for newlines until it's been successfully coerced to a string. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2022-03-02 | Refs #33546 -- Avoided unpacking data in ResponseHeaders when not necessary. | Keryn Knight | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-01 | Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. | Mariusz Felisiak | |
| Thanks Alan Ryan for the report and initial patch. | |||
| 2022-01-20 | Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. | Hrushikesh Vaidya | |
| 2022-01-07 | Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate. | Ad Timmering | |
| 2021-12-02 | Updated various links to HTTPS and new locations. | Mariusz Felisiak | |
| Co-Authored-By: Nick Pope <nick@nickpope.me.uk> | |||
| 2021-10-15 | Refs #30509 -- Adjusted internal FileResponse variable name. | Carlton Gibson | |
| Follow up to dc724c5bf9d3b8d59c9571aa751c3cd001cdeced. | |||
| 2021-10-14 | Fixed #30509 -- Made FileResponse better handle buffers and non-zero file ↵ | Piotr Kunicki | |
| offsets. | |||
| 2021-09-22 | Optimized handling case-insensitive mappings. | Illia Volochii | |
| Elements yielded by _destruct_iterable_mapping_values are always unpacked. Since unpacking can be done with any iterable, there is no need to convert elements to tuples. Also, such elements can be used directly in for loops, creating a dictionary of them is excessive. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2021-08-02 | Simplified serializing HTTP response headers. | Illia Volochii | |
| Since ResponseHeaders was introduced, header names and values are stored as strings. There is no need to check whether they are bytes. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | |||
| 2021-06-22 | Refs #24121 -- Added __repr__() to StreamingHttpResponse and subclasses. | Nicolas Restrepo | |
| 2021-05-12 | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | |
| - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | |||
| 2021-05-04 | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | |
| 2021-04-30 | Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵ | Hasan Ramezani | |
| ExceptionReporter._get_raw_insecure_uri(). | |||
| 2021-04-29 | Fixed capitalization of "ECMAScript" and "JavaScript". | Nick Pope | |
| 2021-04-06 | Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. | Mariusz Felisiak | |
| Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. | |||
| 2021-02-10 | Fixed #32355 -- Dropped support for Python 3.6 and 3.7 | Mariusz Felisiak | |
| 2021-01-28 | Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping. | Illia Volochii | |
| 2021-01-14 | Refs #30997 -- Removed HttpRequest.is_ajax() per deprecation timeline. | Mariusz Felisiak | |
| 2020-12-08 | Fixed grammar in HttpResponse docstring. | ᴙɘɘᴙgYmɘᴙɘj | |
| 2020-11-10 | Refs #32074 -- Fixed handling memoryview content by HttpResponse on Python ↵ | Mariusz Felisiak | |
| 3.10+. An iterator was added to memoryview in Python 3.10, see https://bugs.python.org/issue41732 Refs #30294 | |||
| 2020-10-07 | Fixed #32002 -- Added headers parameter to HttpResponse and subclasses. | Tom Carrick | |
| 2020-09-30 | Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads. | aryan | |
| This patch allows upload handlers to handle interrupted uploads. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-07 | Refs #21231 -- Corrected parse_qsl() fallback. | Tim Graham | |
| An oversight in fd209f62f1d83233cc634443cfac5ee4328d98b8. | |||
| 2020-09-05 | Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an ↵ | Hasan Ramezani | |
| integer. | |||
| 2020-09-03 | Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8. | Nick Pope | |
| 2020-07-16 | Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. | |||
| 2020-06-11 | Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. | Michael Brown | |
| 2020-06-03 | Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2. | Mariusz Felisiak | |
| 2020-05-12 | Fixed E128, E741 flake8 warnings. | Mariusz Felisiak | |
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-02-28 | Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. | 007 | |
| 2020-02-11 | Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used. | Florian Apolloner | |
| Thanks to Oskar Persson for the report. | |||
| 2020-02-11 | Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes ↵ | Florian Apolloner | |
| file-like object." This reverts commit cce47ff65a4dd3786c049ec14ee889e128ca7de9. | |||
| 2020-01-27 | Fixed #30997 -- Deprecated HttpRequest.is_ajax(). | Claude Paroz | |
| 2020-01-24 | Refs #30997 -- Added HttpRequest.accepts(). | Claude Paroz | |
| 2019-12-27 | Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with ↵ | Jon Dufresne | |
| reverse_lazy() locations. | |||
| 2019-12-12 | Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'. | Osaetin Daniel | |
| Thanks Florian Apolloner and Carlton Gibson for reviews. | |||
| 2019-12-05 | Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵ | Gordon Pendleton | |
| default when DEBUG=True. | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-07-01 | Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵ | Carlton Gibson | |
| SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. | |||
| 2019-06-20 | Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like ↵ | Chris Jerdonek | |
| object. | |||
| 2019-06-15 | Refs #30451 -- Added HttpRequest._set_content_type_params() hook. | Mariusz Felisiak | |
| 2019-05-17 | Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename ↵ | ShingenPizza | |
| is available. | |||
