| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-01-30 | [2.2.x] Fixed #30091 -- Doc'd middleware ordering requirements with ↵ | Carlton Gibson | |
| CSRF_USE_SESSIONS. Backport of bae66e759faee8513da4b11d3fd16b044b415bdb from master. | |||
| 2018-11-14 | Fixed typo in docs/ref/middleware.txt. | Daniel Musketa | |
| 2018-05-27 | Remove documenation for non-existent middleware (#9998) | Daniel Hepper | |
| The docs contained a reference to the class django.middleware.exception.ExceptionMiddleware. This class was introduced in 05c888ffb843. It was removed in 7d1b69dbe7, but the documentation remained. | |||
| 2018-01-07 | Updated various links in docs to use HTTPS. | Mariusz Felisiak | |
| 2017-11-14 | Fixed #28786 -- Doc'd middleware ordering considerations due to ↵ | Tim Graham | |
| CommonMiddleware setting Content-Length. | |||
| 2017-11-11 | Refs #26447 -- Removed outdated ETag comment in CommonMiddleware. | Tim Graham | |
| Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e. | |||
| 2017-09-22 | Removed versionadded/changed annotations for 1.11. | Tim Graham | |
| 2017-09-22 | Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. | Tim Graham | |
| 2017-05-22 | Updated various links in docs to avoid redirects | Claude Paroz | |
| Thanks Tim Graham and Mariusz Felisiak for review and completion. | |||
| 2017-01-17 | Removed versionadded/changed annotations for 1.10. | Tim Graham | |
| 2016-11-30 | Refs #16859 -- Allowed storing CSRF tokens in sessions. | Raphael Michel | |
| Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review. | |||
| 2016-11-06 | Fixed typo in docs/ref/middleware.txt. | Tim Graham | |
| 2016-11-05 | Fixed #27346 -- Stopped setting the Content-Length header in ↵ | Adam Malinowski | |
| ConditionalGetMiddleware. | |||
| 2016-10-14 | Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. | Tim Graham | |
| 2016-10-13 | Refs #19705 -- Made GZipMiddleware make ETags weak. | Kevin Christopher Henry | |
| Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression. | |||
| 2016-10-10 | Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵ | Denis Cornehl | |
| ConditionalGetMiddleware. | |||
| 2016-09-09 | Normalized spelling of ETag. | Tim Graham | |
| 2016-08-10 | Fixed #26947 -- Added an option to enable the HSTS header preload directive. | Ed Morley | |
| 2016-08-08 | Fixed docs to refer to HSTS includeSubdomains as a directive. | Ed Morley | |
| The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2 | |||
| 2016-06-27 | Fixed #5897 -- Added the Content-Length response header in CommonMiddleware | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-05-20 | Removed versionadded/changed annotations for 1.9. | Tim Graham | |
| 2016-05-19 | Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them | Shai Berger | |
| Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. | |||
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2016-02-01 | Fixed #26124 -- Added missing code formatting to docs headers. | rowanv | |
| 2015-09-23 | Removed versionadded/changed annotations for 1.8. | Tim Graham | |
| 2015-09-23 | Refs #23957 -- Required session verification per deprecation timeline. | Tim Graham | |
| 2015-08-08 | Updated Wikipedia links to use https | Claude Paroz | |
| 2015-07-27 | Fixed typo in docs/ref/middleware.txt | jorgecarleitao | |
| 2015-07-02 | Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵ | Jan Pazdziora | |
| external authentication. | |||
| 2015-06-08 | Fixed #24796 -- Added a hint on placement of SecurityMiddleware in ↵ | Marissa Zhou | |
| MIDDLEWARE_CLASSES. Also moved it in the project template. | |||
| 2015-05-01 | Updated capitalization in the word "JavaScript" for consistency | Dave Hodder | |
| 2015-02-01 | Removed versionadded/changed notes for 1.7. | Tim Graham | |
| 2014-11-04 | Fixed #23531 -- Added CommonMiddleware.response_redirect_class. | Berker Peksag | |
| 2014-11-03 | Moved CSRF docs out of contrib. | Thomas Chaumeny | |
| 2014-09-12 | Fixed #17101 -- Integrated django-secure and added check --deploy option | Tim Graham | |
| Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews. | |||
| 2014-06-30 | Removed reference to old middleware | Claude Paroz | |
| 2014-06-10 | Fixed #17552 -- Removed a hack for IE6 and earlier. | Aymeric Augustin | |
| It prevented the GZipMiddleware from compressing some data types even on more recent version of IE where the corresponding bug was fixed. Thanks Aaron Cannon for the report and Tim Graham for the review. | |||
| 2014-05-22 | Fixed #20816 -- Added hints about Django middleware ordering | Claude Paroz | |
| Thanks gthb Trac user for the report, kolypto StackOverflow user for the initial list and Tim Graham for the review. | |||
| 2014-04-16 | Added RemoteUserMiddleware to middleware reference page. | Tim Graham | |
| 2014-04-05 | Fixed #21649 -- Added optional invalidation of sessions when user password ↵ | Tim Graham | |
| changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. | |||
| 2014-03-24 | Removed versionadded/changed annotations for 1.6. | Tim Graham | |
| 2014-03-21 | Fixed typos in docs (django.contrib.site) | Thomas Schreiber | |
| 2014-03-03 | Fixed some typos and formatting issues in docs. | Rodolfo Carvalho | |
| 2014-02-06 | Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each ↵ | Christopher Medrela | |
| request. Thanks jordan at aace.org for the suggestion. | |||
| 2013-10-03 | Fixed #19277 -- Added LocaleMiddleware.response_redirect_class | Emil Stenström | |
| Thanks ppetrid at yawd.eu for the suggestion. | |||
| 2013-09-11 | Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. | Tim Graham | |
| Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. | |||
| 2013-07-25 | Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs. | Brenton Cleeland | |
| Thanks simonb for the report. | |||
| 2013-05-19 | Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middleware | Łukasz Langa | |
| 2013-04-20 | Adapted uses of versionchanged/versionadded to the new form. | Juan Catalano | |
| Refs #20104. | |||
| 2013-03-11 | Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED. | Aymeric Augustin | |
| Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience. | |||
