summaryrefslogtreecommitdiff
path: root/django/middleware/csrf.py
AgeCommit message (Expand)Author
2018-09-08Fixed #29728 -- Prevented session resaving if CSRF cookie is unchanged.Michal Čihař
2018-05-04Fixed #26688 -- Fixed HTTP request logging inconsistencies.Samir Shah
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
2018-02-14Fixed #28693 -- Fixed crash in CsrfViewMiddleware when an HTTPS request has a...Tomer Chachamu
2017-09-20Fixed #28488 -- Reallowed error handlers to access CSRF tokens.Florian Apolloner
2017-03-04Refs #27656 -- Updated remaining docstring verbs according to PEP 257.Anton Samarchyan
2017-01-30Refs #23919 -- Assumed request COOKIES and META are strClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-30Refs #16859 -- Allowed storing CSRF tokens in sessions.Raphael Michel
2016-06-04Fixed #26628 -- Changed CSRF logger to django.security.csrf.Holly Becker
2016-05-19Fixed some newlines in imports per isort.Tim Graham
2016-05-19Fixed #20869 -- made CSRF tokens change every request by salt-encrypting themShai Berger
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
2016-05-03Fixed #26567 -- Updated references to obsolete RFC2616.Vasiliy Faronov
2016-04-08Fixed E128 flake8 warnings in django/.Tim Graham
2016-01-20Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True).chemary
2015-12-31Fixed #26013 -- Moved django.core.urlresolvers to django.urls.Marten Kenbeek
2015-09-16Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.Matt Robenolt
2015-09-05Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.Joshua Kehn
2015-05-02Fixed #24696 -- Made CSRF_COOKIE computation lazy.Jay Cox
2015-03-05Fixed #21495 -- Added settings.CSRF_HEADER_NAMEGrzegorz Slusarek
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2015-01-06Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middlewareClaude Paroz
2014-06-25Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data.Tim Graham
2014-03-06Fixed #22185 -- Added settings.CSRF_COOKIE_AGERoger Hu
2013-11-03Fixed flake8 E251 violationsMilton Mazzarri
2013-11-02More attacking E302 violatorsAlex Gaynor
2013-11-02Fixed #21324 -- Translate CSRF failure viewBouke Haarsma
2013-10-18Fixed bug causing CSRF token not to rotate on login.Tim Graham
2013-06-19Removed several unused imports.Aymeric Augustin
2013-05-24Rotate CSRF token on loginAndrew Godwin
2013-05-18Fixed #19436 -- Don't log warnings in ensure_csrf_cookie.Olivier Sels
2013-02-07Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.Aymeric Augustin
2013-01-29Fixed typos in docs and commentsTim Graham
2012-09-20Imported getLogger directly from logging moduleClaude Paroz
2012-09-10fixed rfc comment typo in middleware/csrf.pyCollin Anderson
2012-08-13[py3] Made csrf context processor return UnicodeClaude Paroz
2012-02-17Documentation (and some small source code) edits from [17432] - [17537]Adrian Holovaty
2012-02-11Fixes #16827. Adds a length check to CSRF tokens before applying the santizin...Paul McMillan
2012-02-09Fixed #17358 -- Updated logging calls to use official syntax for arguments in...Jannis Leidel
2011-05-09Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requestsLuke Plant
2011-05-09Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF c...Luke Plant
2011-03-30Removed deprecated CsrfResponseMiddleware, and corresponding tests and docsLuke Plant
2011-03-30Removed Django 1.1 fallback for CSRF checks.Luke Plant
2011-03-28Removed a bunch more Python 2.4 workarounds now that we don't support that ve...Adrian Holovaty
2011-03-15Fixed #15617 - CSRF referer checking too strictLuke Plant
2011-02-21Corrected logging call in CSRF middlewareLuke Plant
2011-02-09Fixed a security issue in the CSRF component. Disclosure and new release for...Alex Gaynor
2010-10-28Fixed #14565 - No csrf_token on 404 page.Luke Plant