| Age | Commit message | Author | |
|---|---|---|---|
| 2025-08-25 | Refs #36485 -- Rewrapped docs to 79 columns line length. | David Smith | |
| Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content. | |||
| 2024-06-12 | Refs #35401 -- Linked the CsrfViewMiddleware docs to the csrf_protect() decorator. | lufafajoshua | |
| 2024-05-22 | Removed versionadded/changed annotations for 5.0. | Natalia | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2024-05-06 | Added link to the csrf template tag in the csrf page. | alexgmin | |
| 2023-11-23 | Fixed #34990 -- Changed link to OWASP in CSRF docs. | Tim Schilling | |
| The OWASP site is the standard resource for web application security information. | |||
| 2023-09-13 | Refs #31949 -- Made make_middleware_decorator work with async functions. | Ben Lomax | |
| 2023-07-10 | Refs #31949 -- Made @csrf_exempt decorator work with async functions. | Ben Lomax | |
| 2023-03-01 | Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2023-01-17 | Removed versionadded/changed annotations for 4.1. | Mariusz Felisiak | |
| 2022-12-06 | Updated various links to HTTPS and new locations. | Mariusz Felisiak | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-03-17 | Refs #28592 -- Created a new CSRF how-to document. | tommcn | |
| 2022-03-14 | Refs #28592 -- Removed redundant spaces in docs/ref/csrf.txt. | Tomas McNamer | |
| 2021-11-29 | Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret. | Chris Jerdonek | |
| This also adds the CSRF_COOKIE_MASKED transitional setting, helpful in migrating multiple instances of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-09-21 | Fixed broken links and redirects in docs. | Mariusz Felisiak | |
| 2021-09-13 | Made CSRF JavaScript example more reusable. | sdwoodbury | |
| 2021-03-18 | Fixed #16010 -- Added Origin header checking to CSRF middleware. | Tim Graham | |
| Thanks David Benjamin for the original patch, and Florian Apolloner, Chris Jerdonek, and Adam Johnson for reviews. | |||
| 2020-10-07 | Fixed #32065 -- Restored leading dot to CSRF_COOKIE_DOMAIN examples. | Carlton Gibson | |
| Partially reverts afd375fc343baa46e61036087bc43b3d096bb0ca. Thanks to Tim Graham for review. | |||
| 2020-06-24 | Refs #31493 -- Replaced var with const/let in documentation JS. | Adam Johnson | |
| 2020-04-01 | Prevented (and corrected) single backtick usage in docs. | Adam Johnson | |
| 2020-02-25 | Fixed #31291 -- Renamed salt to mask for CSRF tokens. | Ram Rachum | |
| 2019-12-12 | Rewrote CSRF JavaScript example without jQuery. | Jon Dufresne | |
| 2019-12-11 | Fixed #31080 -- Removed redundant type="text/javascript" attribute from <script> tags. | Jon Dufresne | |
| 2019-11-27 | Fixed #31029 -- Used more specific links to RFCs. | Baptiste Mispelon | |
| 2019-09-06 | Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty. | Tobias Kunze | |
| This patch does not remove all occurrences of the words in question. Rather, I went through all of the occurrences of the words listed below, and judged if they a) suggested the reader had some kind of knowledge/experience, and b) if they added anything of value (including tone of voice, etc). I left most of the words alone. I looked at the following words: - simply/simple - easy/easier/easiest - obvious - just - merely - straightforward - ridiculous Thanks to Carlton Gibson for guidance on how to approach this issue, and to Tim Bell for providing the idea. But the enormous lion's share of thanks go to Adam Johnson for his patient and helpful review. | |||
| 2019-03-28 | Fixed #30299 -- Removed jQuery dependency from getCookie() in CSRF docs. | Tim Graham | |
| 2018-11-15 | Used auto-numbered lists in documentation. | François Freitag | |
| 2018-10-25 | Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs. | Mayank Singhal | |
| 2018-10-18 | Fixed #29858 -- Clarified docs regarding CSRF token header name. | Tim Graham | |
| 2018-07-18 | Removed duplicate words in docs. | Maxime Lorant | |
| 2018-05-12 | Alphabetized imports in various docs. | Mariusz Felisiak | |
| Follow-up of d97cce34096043b019e818a7fb98c0f9f073704c and 7d3fe36c626a3268413eb86d37920f132eb4a54f. | |||
| 2018-05-02 | Fixed #29375 -- Removed empty action attribute on HTML forms. | CHI Cheng | |
| 2018-04-13 | Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | |
| Thanks Alex Gaynor for contributing to the patch. | |||
| 2017-09-22 | Removed versionadded/changed annotations for 1.11. | Tim Graham | |
| 2017-06-22 | Refs #16870 -- Doc'd that CSRF protection requires the Referer header. | Flávio Juvenal | |
| 2017-05-22 | Updated various links in docs to avoid redirects. | Claude Paroz | |
| Thanks Tim Graham and Mariusz Felisiak for review and completion. | |||
| 2017-01-20 | Refs #16859 -- Updated CSRF FAQ to mention CSRF_USE_SESSIONS setting. | Alasdair Nicol | |
| 2017-01-17 | Removed versionadded/changed annotations for 1.10. | Tim Graham | |
| 2016-11-30 | Refs #16859 -- Allowed storing CSRF tokens in sessions. | Raphael Michel | |
| Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review. | |||
| 2016-06-28 | Used strict comparison in docs/ref/csrf.txt's JavaScript. | Camilo Nova | |
| 2016-06-04 | Fixed #26628 -- Changed CSRF logger to django.security.csrf. | Holly Becker | |
| 2016-06-03 | Fixed #26596 -- Added Jinja2 {{ csrf_input }} documentation. | B. J. Potter | |
| 2016-06-03 | Added syntax highlighting to CSRF example. | B. J. Potter | |
| 2016-06-02 | Refs #26628 -- Documented CSRF failure logging. | Holly Becker | |
| 2016-05-20 | Removed versionadded/changed annotations for 1.9. | Tim Graham | |
| 2016-05-19 | Fixed #20869 -- Made CSRF tokens change every request by salt-encrypting them. | Shai Berger | |
| Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. | |||
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2016-05-03 | Fixed #26567 -- Updated references to obsolete RFC2616. | Vasiliy Faronov | |
| Didn't touch comments where it wasn't obvious that the code adhered to the newer standard. | |||
| 2016-04-05 | Fixed #26201 -- Documented the consequences of rotating the CSRF token on login. | Vaclav Ehrlich | |
