summaryrefslogtreecommitdiff
path: root/docs/ref/middleware.txt
AgeCommit message (Collapse)Author
2023-03-01[4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs.django-bot
2022-12-17Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware.Andreas Pelme
2022-12-06Updated various links to HTTPS and new locations.Mariusz Felisiak
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-05-17Removed versionadded/changed annotations for 4.0.Carlton Gibson
2022-03-17Corrected CSRF reference in middleware docs.tommcn
2021-09-20Removed versionadded/changed annotations for 3.2.Mariusz Felisiak
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2021-05-17Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.Nick Pope
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-03-30Fixed #31840 -- Added support for Cross-Origin Opener Policy header.bankc
Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com>
2020-10-22Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.Carlton Gibson
2020-05-13Removed versionadded/changed annotations for 3.0.Mariusz Felisiak
2019-10-02Fixed some typos in comments and docs.Min ho Kim
Thanks to Mads Jenson for review.
2019-10-02Refs #15396 -- Mentioned full path to GZipMiddleware in documentation.Mar Sánchez
2019-10-02Refs #28699 -- Clarified CSRF middleware ordering in relation to ↵Carlton Gibson
RemoteUserMiddleware.
2019-09-09Fixed #29406 -- Added support for Referrer-Policy header.Nick Pope
Thanks to James Bennett for the initial implementation.
2019-09-09Standardized links for headers in security middleware documentation.Nick Pope
2019-06-03Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.Mariusz Felisiak
2019-01-30Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.Carlton Gibson
2018-11-14Fixed typo in docs/ref/middleware.txt.Daniel Musketa
2018-05-27Remove documenation for non-existent middleware (#9998)Daniel Hepper
The docs contained a reference to the class django.middleware.exception.ExceptionMiddleware. This class was introduced in 05c888ffb843. It was removed in 7d1b69dbe7, but the documentation remained.
2018-01-07Updated various links in docs to use HTTPS.Mariusz Felisiak
2017-11-14Fixed #28786 -- Doc'd middleware ordering considerations due to ↵Tim Graham
CommonMiddleware setting Content-Length.
2017-11-11Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.Tim Graham
Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e.
2017-09-22Removed versionadded/changed annotations for 1.11.Tim Graham
2017-09-22Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.Tim Graham
2017-05-22Updated various links in docs to avoid redirectsClaude Paroz
Thanks Tim Graham and Mariusz Felisiak for review and completion.
2017-01-17Removed versionadded/changed annotations for 1.10.Tim Graham
2016-11-30Refs #16859 -- Allowed storing CSRF tokens in sessions.Raphael Michel
Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-06Fixed typo in docs/ref/middleware.txt.Tim Graham
2016-11-05Fixed #27346 -- Stopped setting the Content-Length header in ↵Adam Malinowski
ConditionalGetMiddleware.
2016-10-14Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.Tim Graham
2016-10-13Refs #19705 -- Made GZipMiddleware make ETags weak.Kevin Christopher Henry
Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression.
2016-10-10Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵Denis Cornehl
ConditionalGetMiddleware.
2016-09-09Normalized spelling of ETag.Tim Graham
2016-08-10Fixed #26947 -- Added an option to enable the HSTS header preload directive.Ed Morley
2016-08-08Fixed docs to refer to HSTS includeSubdomains as a directive.Ed Morley
The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-06-27Fixed #5897 -- Added the Content-Length response header in CommonMiddlewareClaude Paroz
Thanks Tim Graham for the review.
2016-05-20Removed versionadded/changed annotations for 1.9.Tim Graham
2016-05-19Fixed #20869 -- made CSRF tokens change every request by salt-encrypting themShai Berger
Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews.
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-02-01Fixed #26124 -- Added missing code formatting to docs headers.rowanv
2015-09-23Removed versionadded/changed annotations for 1.8.Tim Graham
2015-09-23Refs #23957 -- Required session verification per deprecation timeline.Tim Graham
2015-08-08Updated Wikipedia links to use httpsClaude Paroz
2015-07-27Fixed typo in docs/ref/middleware.txtjorgecarleitao
2015-07-02Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵Jan Pazdziora
external authentication.
2015-06-08Fixed #24796 -- Added a hint on placement of SecurityMiddleware in ↵Marissa Zhou
MIDDLEWARE_CLASSES. Also moved it in the project template.
2015-05-01Updated capitalization in the word "JavaScript" for consistencyDave Hodder