summaryrefslogtreecommitdiff
path: root/docs/ref/middleware.txt
AgeCommit message (Collapse)Author
2019-01-30[2.2.x] Fixed #30091 -- Doc'd middleware ordering requirements with ↵Carlton Gibson
CSRF_USE_SESSIONS. Backport of bae66e759faee8513da4b11d3fd16b044b415bdb from master.
2018-11-14Fixed typo in docs/ref/middleware.txt.Daniel Musketa
2018-05-27Remove documenation for non-existent middleware (#9998)Daniel Hepper
The docs contained a reference to the class django.middleware.exception.ExceptionMiddleware. This class was introduced in 05c888ffb843. It was removed in 7d1b69dbe7, but the documentation remained.
2018-01-07Updated various links in docs to use HTTPS.Mariusz Felisiak
2017-11-14Fixed #28786 -- Doc'd middleware ordering considerations due to ↵Tim Graham
CommonMiddleware setting Content-Length.
2017-11-11Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.Tim Graham
Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e.
2017-09-22Removed versionadded/changed annotations for 1.11.Tim Graham
2017-09-22Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.Tim Graham
2017-05-22Updated various links in docs to avoid redirectsClaude Paroz
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-01-17Removed versionadded/changed annotations for 1.10.Tim Graham
2016-11-30Refs #16859 -- Allowed storing CSRF tokens in sessions.Raphael Michel
Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-06Fixed typo in docs/ref/middleware.txt.Tim Graham
2016-11-05Fixed #27346 -- Stopped setting the Content-Length header in ↵Adam Malinowski
ConditionalGetMiddleware.
2016-10-14Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.Tim Graham
2016-10-13Refs #19705 -- Made GZipMiddleware make ETags weak.Kevin Christopher Henry
Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression.
2016-10-10Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵Denis Cornehl
ConditionalGetMiddleware.
2016-09-09Normalized spelling of ETag.Tim Graham
2016-08-10Fixed #26947 -- Added an option to enable the HSTS header preload directive.Ed Morley
2016-08-08Fixed docs to refer to HSTS includeSubdomains as a directive.Ed Morley
The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-06-27Fixed #5897 -- Added the Content-Length response header in CommonMiddlewareClaude Paroz
Thanks Tim Graham for the review.
2016-05-20Removed versionadded/changed annotations for 1.9.Tim Graham
2016-05-19Fixed #20869 -- made CSRF tokens change every request by salt-encrypting themShai Berger
Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews.
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-02-01Fixed #26124 -- Added missing code formatting to docs headers.rowanv
2015-09-23Removed versionadded/changed annotations for 1.8.Tim Graham
2015-09-23Refs #23957 -- Required session verification per deprecation timeline.Tim Graham
2015-08-08Updated Wikipedia links to use httpsClaude Paroz
2015-07-27Fixed typo in docs/ref/middleware.txtjorgecarleitao
2015-07-02Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵Jan Pazdziora
external authentication.
2015-06-08Fixed #24796 -- Added a hint on placement of SecurityMiddleware in ↵Marissa Zhou
MIDDLEWARE_CLASSES. Also moved it in the project template.
2015-05-01Updated capitalization in the word "JavaScript" for consistencyDave Hodder
2015-02-01Removed versionadded/changed notes for 1.7.Tim Graham
2014-11-04Fixed #23531 -- Added CommonMiddleware.response_redirect_class.Berker Peksag
2014-11-03Moved CSRF docs out of contrib.Thomas Chaumeny
2014-09-12Fixed #17101 -- Integrated django-secure and added check --deploy optionTim Graham
Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews.
2014-06-30Removed reference to old middlewareClaude Paroz
2014-06-10Fixed #17552 -- Removed a hack for IE6 and earlier.Aymeric Augustin
It prevented the GZipMiddleware from compressing some data types even on more recent version of IE where the corresponding bug was fixed. Thanks Aaron Cannon for the report and Tim Graham for the review.
2014-05-22Fixed #20816 -- Added hints about Django middleware orderingClaude Paroz
Thanks gthb Trac user for the report, kolypto StackOverflow user for the initial list and Tim Graham for the review.
2014-04-16Added RemoteUserMiddleware to middleware reference page.Tim Graham
2014-04-05Fixed #21649 -- Added optional invalidation of sessions when user password ↵Tim Graham
changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-03-24Removed versionadded/changed annotations for 1.6.Tim Graham
2014-03-21Fixed typos in docs (django.contrib.site)Thomas Schreiber
2014-03-03Fixed some typos and formatting issues in docs.Rodolfo Carvalho
2014-02-06Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each ↵Christopher Medrela
request. Thanks jordan at aace.org for the suggestion.
2013-10-03Fixed #19277 -- Added LocaleMiddleware.response_redirect_classEmil Stenström
Thanks ppetrid at yawd.eu for the suggestion.
2013-09-11Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.Tim Graham
Thanks EvilDMP for the report and Russell Keith-Magee for the draft text.
2013-07-25Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.Brenton Cleeland
Thanks simonb for the report.
2013-05-19Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middlewareŁukasz Langa
2013-04-20Adapted uses of versionchanged/versionadded to the new form.Juan Catalano
Refs #20104.
2013-03-11Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.Aymeric Augustin
Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience.