| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-09-10 | Fixed #27083 -- Added support for weak ETags. | Kevin Christopher Henry | |
| 2016-08-10 | Fixed #26947 -- Added an option to enable the HSTS header preload directive. | Ed Morley | |
| 2016-07-15 | Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response ↵ | andrewnester | |
| has Cache-Control: no-store. | |||
| 2016-06-27 | Fixed #5897 -- Added the Content-Length response header in CommonMiddleware | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-06-17 | Refs #26601 -- Improved backwards-compatibility of DEP 5 middleware ↵ | Carl Meyer | |
| exception handling. | |||
| 2016-06-04 | Removed an unused logger in middleware/common.py | Tim Graham | |
| 2016-06-04 | Fixed #26628 -- Changed CSRF logger to django.security.csrf. | Holly Becker | |
| 2016-05-19 | Fixed some newlines in imports per isort. | Tim Graham | |
| 2016-05-19 | Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them | Shai Berger | |
| Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. | |||
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2016-05-17 | Refs #26601 -- Refactored BaseHandler to prepare for new-style middleware. | Florian Apolloner | |
| 2016-05-03 | Fixed #26567 -- Updated references to obsolete RFC2616. | Vasiliy Faronov | |
| Didn't touch comments where it wasn't obvious that the code adhered to the newer standard. | |||
| 2016-04-08 | Fixed E128 flake8 warnings in django/. | Tim Graham | |
| 2016-04-04 | Fixed W503 flake8 warnings. | Tim Graham | |
| 2016-03-23 | Fixed #26293 -- Fixed CommonMiddleware to process PREPEND_WWW and ↵ | ieatkittens | |
| APPEND_SLASH independently. | |||
| 2016-03-10 | Refs #25933 -- Fixed i18n_patterns() prefix_default_language=False with ↵ | Krzysztof Urbaniak | |
| HTTP_ACCEPT_LANGUAGE header. | |||
| 2016-03-08 | Fixed #25971 -- Made BrokenLinkEmailsMiddleware ignore APPEND_SLASH redirects. | harikrishnakanchi | |
| If APPEND_SLASH=True and the referer is the URL without a trailing '/', then BrokenLinkEmailsMiddleware shouldn't send an email. | |||
| 2016-03-08 | Fixed #25933 -- Allowed an unprefixed default language in i18n_patterns(). | Krzysztof Urbaniak | |
| 2016-03-03 | Fixed #26295 -- Allowed using i18n_patterns() in any root URLconf. | Simon Charette | |
| Thanks Tim for the review. | |||
| 2016-02-09 | Fixed typo in django/middleware/common.py docstring. | Liam Brenner | |
| 2016-01-20 | Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True). | chemary | |
| 2016-01-05 | Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support. | Denis Cornehl | |
| Thanks Denis Cornehl for help with the patch. | |||
| 2015-12-31 | Fixed #26013 -- Moved django.core.urlresolvers to django.urls. | Marten Kenbeek | |
| Thanks to Tim Graham for the review. | |||
| 2015-12-10 | Fixed #25900 -- Fixed regression in CommonMiddleware ETag support. | Derek J. Curtis | |
| 2015-11-26 | Fixed #25302 (again) -- Ignored scheme when checking for bad referers. | Aymeric Augustin | |
| The check introduced in 4ce433e was too strict in real life. The poorly implemented bots this patch attempted to ignore are sloppy when it comes to http vs. https. | |||
| 2015-09-16 | Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. | Matt Robenolt | |
| Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews. | |||
| 2015-09-05 | Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS. | Joshua Kehn | |
| Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other domains that are included during the CSRF Referer header verification for secure (HTTPS) requests. | |||
| 2015-08-24 | Fixed #25302 -- Prevented BrokenLinkEmailsMiddleware from reporting 404s ↵ | Maxime Lorant | |
| when Referer = URL. | |||
| 2015-08-15 | Fixed #24935 -- Refactored common conditional GET handling. | Denis Cornehl | |
| 2015-08-08 | Updated Wikipedia links to use https | Claude Paroz | |
| 2015-07-31 | Fixed #24720 -- Avoided resolving URLs that don't end in a slash twice in ↵ | Jay Cox | |
| CommonMiddleware. This speeds up affected requests by about 5%. | |||
| 2015-06-27 | Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response | sujayskumar | |
| 2015-05-13 | Removed unnecessary arguments in .get method calls | Piotr Jakimiak | |
| 2015-05-02 | Fixed #24696 -- Made CSRF_COOKIE computation lazy. | Jay Cox | |
| Only compute the CSRF_COOKIE when it is actually used. This is a significant speedup for clients not using cookies. Changed result of the “test_token_node_no_csrf_cookie” test: It gets a valid CSRF token now which seems like the correct behavior. Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to use get_token() to trigger CSRF cookie inclusion instead of changing request.META["CSRF_COOKIE_USED"] directly. | |||
| 2015-04-21 | Fixed #24681 -- Removed Unicode bug in BrokenLinkEmailMiddleware | Oliver A Bristow | |
| 2015-03-26 | Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set. | Bas Peschier | |
| This introduces a force_append_slash argument for request.get_full_path() which is used by RedirectFallbackMiddleware and CommonMiddleware when handling redirects for settings.APPEND_SLASH. | |||
| 2015-03-18 | Fixed #23960 -- Removed http.fix_location_header | Claude Paroz | |
| Thanks Carl Meyer for the report and Tim Graham for the review. | |||
| 2015-03-05 | Fixed #21495 -- Added settings.CSRF_HEADER_NAME | Grzegorz Slusarek | |
| 2015-03-02 | Fixed #24360 -- Delayed internal LocaleMiddleware variable initialization | Claude Paroz | |
| Failing in a middleware `__init__` is preventing proper debug view. | |||
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2015-02-01 | Removed UpdateCacheMiddleware._session_accessed() | Tim Graham | |
| This method is unused since f567d04b249913db4a37adab8ba521cdc974d423 | |||
| 2015-01-29 | Fixed #24145 -- Added PUT & PATCH to CommonMiddleware APPEND_SLASH redirect ↵ | Samuel Colvin | |
| error. | |||
| 2015-01-06 | Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware | Claude Paroz | |
| Thanks codeitloadit for the report, living180 for investigations and Tim Graham for the review. | |||
| 2014-11-04 | Fixed #23531 -- Added CommonMiddleware.response_redirect_class. | Berker Peksag | |
| 2014-09-12 | Fixed #17101 -- Integrated django-secure and added check --deploy option | Tim Graham | |
| Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews. | |||
| 2014-08-14 | Fixed #21579 -- Made LocaleMiddleware respect script prefix. | Tim Graham | |
| Thanks buettgenbach at datacollect.com for the report and patch. | |||
| 2014-06-25 | Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data. | Tim Graham | |
| Thanks Walter Doekes. | |||
| 2014-06-13 | Fixed #22440 -- Updated ConditionalGetMiddleware to comply with RFC 2616. | Mark Lavin | |
| 2014-06-10 | Fixed #17552 -- Removed a hack for IE6 and earlier. | Aymeric Augustin | |
| It prevented the GZipMiddleware from compressing some data types even on more recent version of IE where the corresponding bug was fixed. Thanks Aaron Cannon for the report and Tim Graham for the review. | |||
| 2014-05-28 | Fixed several typos in Django | Alex Gaynor | |
