| Age | Commit message (Collapse) | Author |
|
Thanks Mike Edmunds for flagging these issues and for the review.
|
|
This follows the contributing guidelines that state:
[...] Avoid referring to a specific version of Django outside a
``deprecated`` block. Even inside a block, it's often redundant to do so
as these annotations render as "Deprecated since version A.B".
|
|
|
|
* Fixed typos related to automated EMAIL_PROVIDERS -> MAILERS renaming.
* Clarified wording in some recently added/updated sections.
* Removed deprecated, extraneous `fail_silently=False` from examples.
* Moved EmailBackend API documentation out of "Email backends" intro
into a dedicated section in email.txt.
* Sorted MAILERS alphabetically in settings.txt.
|
|
See DEP 0018.
Added:
* MAILERS setting.
* django.core.mail.mailers dict-like EmailBackend factory.
* `using` argument to mail sending APIs.
* `sent_using` attribute to mail.outbox messages in locmem backend.
* MAILERS in startproject settings template, set to console backend.
* AdminLogHandler.using argument.
* BrokenLinkEmailsMiddleware.send_mail() method.
Updated:
* BaseEmailBackend to track the MAILERS alias used to construct it, and
to report errors for unknown kwargs (OPTIONS).
* EmailBackend implementations to initialize from kwargs (OPTIONS) only
when MAILERS is being used.
* smtp.EmailBackend to require `host` option and to default `port`
option based on SSL/TLS options.
* SimpleTestCase setup to substitute the locmem backend for all defined
MAILERS configurations.
* Django's tests that send mail to define MAILERS.
Deprecated:
* EMAIL_BACKEND and other backend-related EMAIL_* settings.
* mail.get_connection().
* The `connection`, `fail_silently`, `auth_user`, and `auth_password`
arguments to mail functions.
* The EmailMessage.connection attribute.
* BaseEmailBackend support for `fail_silently`. Backends that support
fail_silently (SMTP, console, file) now implement it directly.
* AdminEmailHandler.email_backend argument.
Removed undocumented features without deprecation:
* EmailMessage.get_connection() method. (send() now raises an error if a
subclass has attempted to override it.)
* EmailMessage.send() no longer sets self.connection to the connection
used for sending. (It still _uses_ a pre-existing self.connection.)
* AdminEmailHandler.connection() method. (Init now raises an error if a
subclass has attempted to override it.)
Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive
reviews and suggestions on the implementation.
Thanks to Jacob Rief for the initial implementation and multiple
iterations while refining the design.
Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
|
|
New default tag `{% csp_nonce_attr %}` was added for explicit CSP nonce
inclusion into `<script>` and `<link>` elements.
`{% csp_nonce_attr %}` renders `nonce="<value>"` when `csp_nonce` is
present in the template context, and renders nothing otherwise.
`{% csp_nonce_attr media %}` renders a `Media` object's assets with the
nonce attr applied to each tag.
Thanks Jacob Walls for the accurate and spot on review comments.
Co-authored-by: Johannes Maron <johannes@maron.family>
|
|
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Co-authored-by: Jake Howard <git@theorangeone.net>
|
|
|
|
|
|
projects.unbit.it has an invalid certificate and provides old packages.
|
|
RemoteUserMiddleware under ASGI.
We have a flood of nuisance security reports describing ASGI deployments
using RemoteUserMiddleware without a fronting proxy, which is not
realistic.
|
|
Thanks Sarah Boyce for the idea and Tim McCurrach for the review.
Co-authored-by: Timothy McCurrach <tim.mccurrach@gmail.com>
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
This avoids latency and/or blocking.
The example of streaming a CSV file was rewritten to employ batching for
greater efficiency in all layers (db, HTTP, etc.). The improved
performance from batching should outweigh the drag introduced by an
additional byte for each flush.
Co-authored-by: huoyinghui <huoyinghui@users.noreply.github.com>
|
|
Co-authored-by: Clifford Gama <cliffygamy@gmail.com>
|
|
https://github.com/psf/black/releases/tag/26.1.0
|
|
Signed-off-by: JaeHyuck Sa <wogur981208@gmail.com>
|
|
|
|
docs/howto/upgrade-version.txt.
|
|
|
|
|
|
Python objects.
Thanks Bruno Alla, Sarah Boyce, and Jacob Walls for reviews.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
|
|
|
m2m field to use a through model.
|
|
|
|
|
|
|
|
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
|
|
|
|
|
|
docs.
|
|
management command.
|
|
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
docs/howto/custom-template-tags.txt.
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
RemoteUserMiddleware.
|
|
reporting.
|
|
|
|
This can be achieved with the --no-imports flag.
|
|
Thanks to Bhuvnesh Sharma and Adam Johnson for mentoring this Google
Summer of Code 2024 project. Thanks to Sarah Boyce, David Smith, Jacob
Walls and Natalia Bidart for reviews.
|
|
Before, the full suite of system checks was run by these commands
regardless if requires_system_checks had been overridden.
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
|
|
Previously, this was a bare list of sub-pages, not in any discernible
order, and hard to parse.
Now the sub-pages are grouped in sections by topic. It's unlikely to be
the final word on how this material is arranged, but it's a clear
improvement on the existing arrangement and provides a good basis for
next steps.
|
|
|
|
|
|
|