summaryrefslogtreecommitdiff
path: root/django/views/csrf.py
AgeCommit message (Collapse)Author
2023-12-04Fixed #34830 -- Added request to bad_request/csrf_failure view template ↵yushanfans2233
contexts.
2023-11-08Reverted "Fixed #34830 -- Added request to csrf_failure view's template ↵Natalia
context." This reverts commit 535f7b5c6cea54a0796d85bbe213183d50002689.
2023-11-07Fixed #34830 -- Added request to csrf_failure view's template context.Prakhar
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-05-18Refs 34343 -- Removed outdated comment about inline template from CSRF view ↵Adam Johnson
file.
2023-02-17Fixed #34343 -- Moved built-in templates to filesystem.Nick Pope
2022-03-09Fixed #33567 -- Avoided setting default text/html content type on responses.Claude Paroz
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2020-07-30Bumped minimum isort version to 5.1.0.David Smith
Fixed inner imports per isort 5. isort 5.0.0 to 5.1.0 was unstable.
2020-07-08Refs #30400 -- Improved typography in debug and csrf templates.Jon Dufresne
2019-06-28Fixed #30400 -- Improved typography of user facing strings.Jon Dufresne
Thanks Claude Paroz for assistance with translations.
2017-09-21Fixed #28508 -- Set the foreground color to black in CSRF and 404 error ↵Stefan Sinca
templates.
2017-06-22Refs #16870 -- Doc'd that CSRF protection requires the Referer header.Flávio Juvenal
2017-02-07Converted usage of ugettext* functions to their gettext* aliasesClaude Paroz
Thanks Tim Graham for the review.
2016-12-28Fixed #27258 -- Prohibited django.Template.render() with non-dict context.Shivang Bharadwaj
Thanks Shivang Bharadwaj for the initial patch.
2016-04-05Fixed #26201 -- Documented the consequences of rotating the CSRF token on login.Vaclav Ehrlich
2015-11-17Removed blank line to appease isort.Tim Graham
2015-11-17Fixed #25695 -- Added template_name parameter to csrf_failure() view.Raphael Michel
2015-02-22Fixed #24389 -- Isolated the CSRF view from the TEMPLATES setting.Aymeric Augustin
Thanks uranusjr for the report and analysis.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2014-12-25Updated link to CSRF docsClaude Paroz
Refs #23866.
2014-12-25Fixed #23866 -- Harmonized refs to Django documentation from codeClaude Paroz
2013-11-03Fixed #21322 -- Error message when CSRF cookie is missingBouke Haarsma
Thanks to Henrik Levkowetz and olau for their reports and initial patches.
2013-11-02Fixed #21324 -- Translate CSRF failure viewBouke Haarsma
Thanks to Claude Paroz for the original patch.
2012-06-30Removed usage of mimetype kwarg of HttpResponseClaude Paroz
Refs #16519.
2012-02-21Improved CSRF error message.Paul McMillan
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-12Fixed #16009 - typo in CSRF_FAILRE_TEMPLATE.Luke Plant
Thanks to adehnert for report and patch. Though I flail to see what problem it was causing... git-svn-id: http://code.djangoproject.com/svn/django/trunk@16216 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20Switched to HTML5 doctype in all Django supplied templates.Luke Plant
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16050 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09Fixed #11509 -- Modified usage of "Web" to match our style guide in various ↵Russell Keith-Magee
documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-03Added explanatory note on CSRF failure page for the case of a missing ↵Luke Plant
Referer header. This is intended to help power users who have disabled Referer headers, or installed add-ons which have done so, and to help web site administrators with debugging, since this problem will be browser specific and not a programming error. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-22Fixed #13590 - Made CSRF failure page styling consistent with Django's ↵Luke Plant
default error page styling. Thanks to alefteris for suggestion. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13300 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03Fixed #12130 - documented need for csrf_protect on views that don't accept POSTLuke Plant
Includes: * proper documentation for csrf_protect * notes in comments app. * specific upgrade notes for comments app Thanks to carljm for report and debugging. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-29Improved HTML in CSRF debug template - <code> instead of <tt>Luke Plant
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27Small improvement to CSRF failure template.Luke Plant
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27Moved contrib.csrf.* to core code.Luke Plant
There is stub code for backwards compatiblity with Django 1.1 imports. The documentation has been updated, but has been left in docs/contrib/csrf.txt for now, in order to avoid dead links to documentation on the website. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37