path: root/docs/ref/contrib/csrf.txt
Age | Commit message | Author
2014-11-03 | Moved CSRF docs out of contrib. | Thomas Chaumeny
2014-09-21 | Fixed #23527 -- Removed Cheetah references in docs | Ola Sitarska
    Thanks to @aaugustin for submitting the ticket.
2014-06-18 | Removed a CSRF example for jQuery < 1.5. | Tim Graham
2014-06-18 | Fixed #22859 -- Improved crossDomain technique in CSRF example. | Tim Graham
    Thanks flisky for the report.
2014-06-09 | Removed extras/csrf_migration_helper.py | Tim Graham
2014-03-06 | Fixed #22185 -- Added settings.CSRF_COOKIE_AGE | Roger Hu
    Thanks Paul McMillan for the review.
2014-01-29 | Fix typo CRSF -> CSRF | Ian Foote
2013-05-24 | Update link to jQuery Cookie plugin site | Alasdair Nicol
2013-05-19 | Add missing imports and models to the examples in security documentation | Silvan Spross
2013-03-22 | Added missing markup to docs. | Tim Graham
2013-02-07 | Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie. | Aymeric Augustin
    Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
2013-01-12 | Fixed #14633 - Organized settings reference docs and added a topical index. | Tim Graham
    Thanks Gabriel Hurley for the original idea and adamv for the draft patch.
2012-12-29 | Removed versionadded/changed annotations dating back to 1.4. | Aymeric Augustin
2012-09-29 | Fixed #17058 - Clarified where extras/csrf_migration_helper.py is located | Tim Graham
2012-09-01 | Fixed #16936 - Updated javascript for CSRF protection. | Tim Graham
    Thanks Idan Gazit for the patch.
2012-06-07 | Removed references to changes made in 1.2. | Aymeric Augustin
    Thanks Florian Apolloner for the patch.
2012-06-07 | Fixed #18397 -- Avoided referencing lawrence.com. | Aymeric Augustin
    This commit includes multiple small related changes, see the ticket for a full discussion.
2012-03-02 | Fixed #17790 - Made the Ajax CSRF jQuery example work with jQuery in ↵ | Carl Meyer
    compatibility mode, too. Thanks Jonathan Hayward for the suggestion.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@17623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-27 | Added versionadded info for ensure_csrf_cookie decorator | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@17594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-27 | Fixed ReST typo in CSRF docs. | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@17593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 | Edited csrf.txt changes from [17299] | Adrian Holovaty
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@17309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 | Fixed #16704 -- Documented how to insert the CSRF token outside of Django's ↵ | Aymeric Augustin
    own template engine. Thanks paulcwatts and bpeschier for the patch.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-19 | Fixed #17105 - Typos in docs/ref/contrib/csrf.txt; thanks googol for the report. | Timo Graham
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@17109 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 | Fixed many more ReST indentation errors, somehow accidentally missed from ↵ | Luke Plant
    [16955]
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 | Converted links to external topics so they use intersphinx extension markup. | Ramiro Morales
    This allows making these links more resilient to changes in the target URLs. Thanks Jannis for the report and Aymeric Augustin for the patch. Fixes #16586.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 | Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl. | Jannis Leidel
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 | Fixed #16606 - Typo in docs/ref/contrib/csrf.txt; thanks selwin. | Timo Graham
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-14 | Added a note about the AJAX CSRF example not working on jQuery 1.5 | Brian Rosner
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 | Refs #15855 -- Recommended the csrf_protect decorator rather than ↵ | Carl Meyer
    vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 | Fixed #14201 - Add a "security overview" page to the docs | Luke Plant
    Thanks to davidfischer for the initial patch!
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 | Tweaked some `render_to_response` links in the documentation. | Ramiro Morales
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16255 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-13 | Fixed #16014 -- numerous documentation typos -- thanks psmith. | Simon Meers
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Updated AJAX example code in CSRF docs to be consistent regarding what are ↵ | Luke Plant
    safe HTTP methods
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests | Luke Plant
    Thanks to brodie for the report, and further input from tow21
    This is a potentially backwards incompatible change - if you were doing PUT/DELETE requests and relying on the lack of protection, you will need to update your code, as noted in the release notes.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF ↵ | Luke Plant
    cookie Thanks to cfattarsi for the report and initial patch.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' ↵ | Luke Plant
    section
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Clarified wording about use of 2 decorators in CSRF docs | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Added clarifying note to docs for CSRF_COOKIE_DOMAIN | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Fixed #15354 - provide method to ensure CSRF token is always available for ↵ | Luke Plant
    AJAX requests Thanks to sayane for the report.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Fixed #15469 - CSRF token is inserted on GET requests | Luke Plant
    Thanks to goran for report.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Mentioned simplification of AJAX example code in CSRF docs. | Luke Plant
    Refs #15469. Thanks to aaugustin for the suggestion
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Documented the edge case of needing a view that is partly CSRF protected | Luke Plant
    Refs #15518.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up ↵ | Luke Plant
    some associated markup
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Fixed #15518 - documented requires_csrf_token | Luke Plant
    Thanks to vzima for a report that raised the issue.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Changed an example in CSRF docs to use new 'render' shortcut | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 | Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or ↵ | Luke Plant
    absolute same origin URLs Thanks to nick for the report.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 | Corrected factual error regarding logging in the CSRF docs | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@16047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 | Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs | Luke Plant
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 | Removed example CSRF jQuery code from release notes, replacing with link to ↵ | Luke Plant
    improved code in the CSRF docs
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 | Fixed #15284 - improved example jQuery code for adding X-CSRF-Token | Luke Plant
    Using the ajaxSend event is better than beforeSend, because the beforeSend callback can have only one value, which makes it painful if it is needed by multiple bits of javascript. Thanks to LukeMaurer for report and initial patch.
    git-svn-id: http://code.djangoproject.com/svn/django/trunk@15515 bcc190cf-cafb-0310-a4f2-bffc1f526a37