| Age | Commit message (Collapse) | Author |
|
|
|
Thanks to @aaugustin for submitting the ticket.
|
|
|
|
Thanks flisky for the report.
|
|
|
|
Thanks Paul McMillan for the review.
|
|
|
|
|
|
|
|
|
|
Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
|
|
Thanks Gabriel Hurley for the original idea
and adamv for the draft patch.
|
|
|
|
|
|
Thanks Idan Gazit for the patch.
|
|
Thanks Florian Apolloner for the patch.
|
|
This commit includes multiple small related changes, see the ticket
for a full discussion.
|
|
compatibility mode, too. Thanks Jonathan Hayward for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
own template engine. Thanks paulcwatts and bpeschier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17109 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
[16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.
Fixes #16586.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Thanks to davidfischer for the initial patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16255 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
safe HTTP methods
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Thanks to brodie for the report, and further input from tow21
This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
cookie
Thanks to cfattarsi for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
AJAX requests
Thanks to sayane for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Thanks to goran for report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Refs #15469. Thanks to aaugustin for the suggestion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Refs #15518.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Thanks to vzima for a report that raised the issue.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
absolute same origin URLs
Thanks to nick for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
improved code in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Using the ajaxSend event is better than beforeSend, because the beforeSend
callback can have only one value, which makes it painful if it is needed by
multiple bits of javascript.
Thanks to LukeMaurer for report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15515 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|