index
:
chango.git
devmain
fix-31295
initial-branch
main
stable/5.2.x
stable/6.0.x
django
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
django
/
middleware
/
csrf.py
Age
Commit message (
Expand
)
Author
2014-03-06
Fixed #22185 -- Added settings.CSRF_COOKIE_AGE
Roger Hu
2013-11-03
Fixed flake8 E251 violations
Milton Mazzarri
2013-11-02
More attacking E302 violators
Alex Gaynor
2013-11-02
Fixed #21324 -- Translate CSRF failure view
Bouke Haarsma
2013-10-18
Fixed bug causing CSRF token not to rotate on login.
Tim Graham
2013-06-19
Removed several unused imports.
Aymeric Augustin
2013-05-24
Rotate CSRF token on login
Andrew Godwin
2013-05-18
Fixed #19436 -- Don't log warnings in ensure_csrf_cookie.
Olivier Sels
2013-02-07
Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
Aymeric Augustin
2013-01-29
Fixed typos in docs and comments
Tim Graham
2012-09-20
Imported getLogger directly from logging module
Claude Paroz
2012-09-10
fixed rfc comment typo in middleware/csrf.py
Collin Anderson
2012-08-13
[py3] Made csrf context processor return Unicode
Claude Paroz
2012-02-17
Documentation (and some small source code) edits from [17432] - [17537]
Adrian Holovaty
2012-02-11
Fixes #16827. Adds a length check to CSRF tokens before applying the santizin...
Paul McMillan
2012-02-09
Fixed #17358 -- Updated logging calls to use official syntax for arguments in...
Jannis Leidel
2011-05-09
Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Luke Plant
2011-05-09
Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF c...
Luke Plant
2011-03-30
Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs
Luke Plant
2011-03-30
Removed Django 1.1 fallback for CSRF checks.
Luke Plant
2011-03-28
Removed a bunch more Python 2.4 workarounds now that we don't support that ve...
Adrian Holovaty
2011-03-15
Fixed #15617 - CSRF referer checking too strict
Luke Plant
2011-02-21
Corrected logging call in CSRF middleware
Luke Plant
2011-02-09
Fixed a security issue in the CSRF component. Disclosure and new release for...
Alex Gaynor
2010-10-28
Fixed #14565 - No csrf_token on 404 page.
Luke Plant
2010-10-14
Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
Luke Plant
2010-10-11
Fixed #14436 -- Escalated 1.2 PendingDeprecationWarnings to DeprecationWarnin...
Russell Keith-Magee
2010-10-06
Fixed #14406 -- Added a Python 2.4 compatibility to the logging interface. Th...
Russell Keith-Magee
2010-10-04
Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for his draf...
Russell Keith-Magee
2010-09-10
Fixed #14235 - UnicodeDecodeError in CSRF middleware
Luke Plant
2010-09-09
Patch CSRF-protection system to deal with reported security issue. Announceme...
James Bennett
2010-09-03
Added explanatory note on CSRF failure page for the case of a missing Referer...
Luke Plant
2010-06-30
Added proper code comments for the HTTPS CSRF protection.
Luke Plant
2010-06-08
Fixed #13716 - the CSRF get_token function stopped working for views with csr...
Luke Plant
2009-10-27
Misc clarifications in csrf middleware comments
Luke Plant
2009-10-27
Slight change to CSRF error messages to make debugging easier.
Luke Plant
2009-10-27
Removed unused import.
Luke Plant
2009-10-27
Moved contrib.csrf.* to core code.
Luke Plant