index
:
chango.git
devmain
fix-31295
initial-branch
main
stable/5.2.x
stable/6.0.x
django
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
django
/
middleware
/
csrf.py
Age
Commit message (
Expand
)
Author
2018-09-08
Fixed #29728 -- Prevented session resaving if CSRF cookie is unchanged.
Michal Čihař
2018-05-04
Fixed #26688 -- Fixed HTTP request logging inconsistencies.
Samir Shah
2018-04-13
Fixed #27863 -- Added support for the SameSite cookie flag.
Alex Gaynor
2018-02-14
Fixed #28693 -- Fixed crash in CsrfViewMiddleware when an HTTPS request has a...
Tomer Chachamu
2017-09-20
Fixed #28488 -- Reallowed error handlers to access CSRF tokens.
Florian Apolloner
2017-03-04
Refs #27656 -- Updated remaining docstring verbs according to PEP 257.
Anton Samarchyan
2017-01-30
Refs #23919 -- Assumed request COOKIES and META are str
Claude Paroz
2017-01-18
Refs #23919 -- Removed most of remaining six usage
Claude Paroz
2017-01-18
Refs #23919 -- Removed encoding preambles and future imports
Claude Paroz
2016-11-30
Refs #16859 -- Allowed storing CSRF tokens in sessions.
Raphael Michel
2016-06-04
Fixed #26628 -- Changed CSRF logger to django.security.csrf.
Holly Becker
2016-05-19
Fixed some newlines in imports per isort.
Tim Graham
2016-05-19
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Shai Berger
2016-05-17
Fixed #26601 -- Improved middleware per DEP 0005.
Florian Apolloner
2016-05-03
Fixed #26567 -- Updated references to obsolete RFC2616.
Vasiliy Faronov
2016-04-08
Fixed E128 flake8 warnings in django/.
Tim Graham
2016-01-20
Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True).
chemary
2015-12-31
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
Marten Kenbeek
2015-09-16
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Matt Robenolt
2015-09-05
Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.
Joshua Kehn
2015-05-02
Fixed #24696 -- Made CSRF_COOKIE computation lazy.
Jay Cox
2015-03-05
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
Grzegorz Slusarek
2015-02-06
Sorted imports with isort; refs #23860.
Tim Graham
2015-01-06
Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
Claude Paroz
2014-06-25
Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data.
Tim Graham
2014-03-06
Fixed #22185 -- Added settings.CSRF_COOKIE_AGE
Roger Hu
2013-11-03
Fixed flake8 E251 violations
Milton Mazzarri
2013-11-02
More attacking E302 violators
Alex Gaynor
2013-11-02
Fixed #21324 -- Translate CSRF failure view
Bouke Haarsma
2013-10-18
Fixed bug causing CSRF token not to rotate on login.
Tim Graham
2013-06-19
Removed several unused imports.
Aymeric Augustin
2013-05-24
Rotate CSRF token on login
Andrew Godwin
2013-05-18
Fixed #19436 -- Don't log warnings in ensure_csrf_cookie.
Olivier Sels
2013-02-07
Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
Aymeric Augustin
2013-01-29
Fixed typos in docs and comments
Tim Graham
2012-09-20
Imported getLogger directly from logging module
Claude Paroz
2012-09-10
fixed rfc comment typo in middleware/csrf.py
Collin Anderson
2012-08-13
[py3] Made csrf context processor return Unicode
Claude Paroz
2012-02-17
Documentation (and some small source code) edits from [17432] - [17537]
Adrian Holovaty
2012-02-11
Fixes #16827. Adds a length check to CSRF tokens before applying the santizin...
Paul McMillan
2012-02-09
Fixed #17358 -- Updated logging calls to use official syntax for arguments in...
Jannis Leidel
2011-05-09
Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Luke Plant
2011-05-09
Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF c...
Luke Plant
2011-03-30
Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs
Luke Plant
2011-03-30
Removed Django 1.1 fallback for CSRF checks.
Luke Plant
2011-03-28
Removed a bunch more Python 2.4 workarounds now that we don't support that ve...
Adrian Holovaty
2011-03-15
Fixed #15617 - CSRF referer checking too strict
Luke Plant
2011-02-21
Corrected logging call in CSRF middleware
Luke Plant
2011-02-09
Fixed a security issue in the CSRF component. Disclosure and new release for...
Alex Gaynor
2010-10-28
Fixed #14565 - No csrf_token on 404 page.
Luke Plant
[next]