| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-07-04 | Removed unneeded hyphens in "counterintuitive". | Carlton Gibson | |
| Follow-up to 65ad4ade74dc9208b9d686a451cd6045df0c9c3a which added counterintuitive to the wordlist. Removes unneeded (antiquated) hyphenated usages. See e.g. https://www.merriam-webster.com/dictionary/counterintuitive | |||
| 2024-05-29 | Fixed 35467 -- Replaced urlparse with urlsplit where appropriate. | Jake Howard | |
| This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used). | |||
| 2024-02-05 | Fixed #27225 -- Added "Age" header when fetching cached responses. | Rinat Khabibiev | |
| Co-Authored-By: Author: Alexander Lazarević <laza@e11bits.com> | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-12-08 | Fixed #34742 -- Made CommonMiddleware raise APPEND_SLASH RuntimeError on ↵ | Avaneesh Kumar | |
| DELETE requests. | |||
| 2023-05-02 | Fixed #34515 -- Made LocaleMiddleware prefer language from paths when i18n ↵ | Mariusz Felisiak | |
| patterns are used. Regression in 94e7f471c4edef845a4fe5e3160132997b4cca81. This reverts commit 94e7f471c4edef845a4fe5e3160132997b4cca81 (refs #34069) and partly reverts commit 3b4728310a7a64f8fcc548163b0aa5f98a5c78f5. Thanks Anthony Baillard for the report. Co-Authored-By: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2023-01-17 | Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2022-12-22 | Fixed #33735 -- Added async support to StreamingHttpResponse. | Carlton Gibson | |
| Thanks to Florian Vazelle for initial exploratory work, and to Nick Pope and Mariusz Felisiak for review. | |||
| 2022-12-17 | Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. | Andreas Pelme | |
| 2022-11-14 | Fixed #34074 -- Added headers argument to RequestFactory and Client classes. | David Wobrock | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-10-31 | Used more augmented assignment statements. | Nick Pope | |
| Identified using the following command: $ git grep -I '\(\<[_a-zA-Z0-9]\+\>\) *= *\1 *[-+/*^%&|<>@]' | |||
| 2022-10-13 | Fixed #34069 -- Made LocaleMiddleware respect language from requests when ↵ | Sergio | |
| i18n patterns are used. | |||
| 2022-06-02 | Fixed #33700 -- Skipped extra resolution for successful requests not ending ↵ | Anders Kaseorg | |
| with /. By moving a should_redirect_with_slash call out of an if block, commit 9390da7fb6e251eaa9a785692f987296cb14523f negated the performance fix of commit 434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (#24720). Meanwhile, the logging issue #26293 that it targeted was subsequently fixed more fully by commit 40b69607c751c4afa453edfd41d2ed155e58187e (#26504), so it is no longer needed. This effectively reverts it. This speeds up successful requests not ending with / when APPEND_SLASH is enabled (the default, and still useful in projects with a mix of URLs with and without trailing /). The amount of speedup varies from about 5% in a typical project to nearly 50% on a benchmark with many routes. Signed-off-by: Anders Kaseorg <andersk@mit.edu> | |||
| 2022-04-29 | Refs #30426 -- Updated XFrameOptionsMiddleware docstring. | Clemens Wolff | |
| Follow up to 05d0eca635853564c57e639ac5590674a7de2ed6. | |||
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-11-29 | Refs #32800 -- Renamed _sanitize_token() to _check_token_format(). | Chris Jerdonek | |
| 2021-11-29 | Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret. | Chris Jerdonek | |
| This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instance of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-11-03 | Fixed #33252 -- Made cache middlewares thread-safe. | Iuri de Silvio | |
| 2021-09-01 | Fixed #32768 -- Added Vary header when redirecting to prefixed i18n pattern. | Alex Hayward | |
| get_language_from_request() uses Accept-Language and/or Cookie to determine the correct redirect. Upstream caches need the matching Vary header to cache the result. | |||
| 2021-08-17 | Refs #32800 -- Added _add_new_csrf_cookie() helper function. | Chris Jerdonek | |
| This centralizes the logic to use when setting a new cookie. It also eliminates the need for the _get_new_csrf_token() function, which is now removed. | |||
| 2021-08-17 | Refs #32800 -- Renamed _set_token() to _set_csrf_cookie(). | Chris Jerdonek | |
| 2021-08-03 | Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match(). | Chris Jerdonek | |
| 2021-07-29 | Refs #32916 -- Replaced request.csrf_cookie_needs_reset with ↵ | Chris Jerdonek | |
| request.META['CSRF_COOKIE_NEEDS_UPDATE']. | |||
| 2021-07-29 | Fixed #32916 -- Combined request.META['CSRF_COOKIE_USED'] and ↵ | Chris Jerdonek | |
| request.csrf_cookie_needs_reset. | |||
| 2021-07-23 | Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError. | Virtosu Bogdan | |
| Thanks Chris Jerdonek for the review. | |||
| 2021-07-23 | Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset ↵ | Chris Jerdonek | |
| logic. Thanks Florian Apolloner and Shai Berger for reviews. | |||
| 2021-06-23 | Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token ↵ | Chris Jerdonek | |
| error messages. | |||
| 2021-06-22 | Fixed #32842 -- Refactored out CsrfViewMiddleware._check_token(). | Chris Jerdonek | |
| 2021-06-12 | Fixed comment in CsrfViewMiddleware to say _reject instead of reject. | Chris Jerdonek | |
| 2021-06-01 | Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly ↵ | Chris Jerdonek | |
| formatted cookie tokens. | |||
| 2021-05-31 | Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly ↵ | Chris Jerdonek | |
| formatted tokens. | |||
| 2021-05-29 | Refs #32778 -- Improved the name of the regex object detecting invalid CSRF ↵ | Chris Jerdonek | |
| token characters. This also improves the comments near where the variable is used. | |||
| 2021-05-28 | Refs #32596 -- Added early return on safe methods in ↵ | Chris Jerdonek | |
| CsrfViewMiddleware.process_view(). | |||
| 2021-05-28 | Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay ↵ | Chris Jerdonek | |
| computing good_referer. | |||
| 2021-05-28 | Fixed #32596 -- Added CsrfViewMiddleware._check_referer(). | Chris Jerdonek | |
| This encapsulates CsrfViewMiddleware's referer logic into a method and updates existing tests to check the "seam" introduced by the refactor, when doing so would improve the test. | |||
| 2021-05-25 | Fixed #32778 -- Avoided unnecessary recompilation of token regex in ↵ | abhiabhi94 | |
| _sanitize_token(). | |||
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2021-03-25 | Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin ↵ | Chris Jerdonek | |
| header has an invalid host. | |||
| 2021-03-25 | Refs #32579 -- Fixed cookie domain comment in CsrfViewMiddleware.process_view(). | Chris Jerdonek | |
| 2021-03-25 | Refs #32579 -- Optimized good_hosts creation in ↵ | Chris Jerdonek | |
| CsrfViewMiddleware.process_view(). | |||
| 2021-03-19 | Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header. | Adam Donaghy | |
| 2021-03-18 | Fixed #16010 -- Added Origin header checking to CSRF middleware. | Tim Graham | |
| Thanks David Benjamin for the original patch, and Florian Apolloner, Chris Jerdonek, and Adam Johnson for reviews. | |||
| 2021-03-18 | Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. | Tim Graham | |
| 2021-01-14 | Refs #26601 -- Made get_response argument required and don't accept None in ↵ | Mariusz Felisiak | |
| middleware classes. Per deprecation timeline. | |||
| 2020-10-28 | Made small readability improvements. | Martin Thoma | |
| 2020-10-22 | Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. | Carlton Gibson | |
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-08-28 | Fixed #31928 -- Fixed detecting an async get_response in various middlewares. | Kevin Michel | |
| SecurityMiddleware and the three cache middlewares were not calling super().__init__() during their initialization or calling the required MiddlewareMixin._async_check() method. This made the middlewares not properly present as coroutine and confused the middleware chain when used in a fully async context. Thanks Kordian Kowalski for the report. | |||
