| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-03-01 | [4.2.x] Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2022-12-17 | Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. | Andreas Pelme | |
| 2022-12-06 | Updated various links to HTTPS and new locations. | Mariusz Felisiak | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-03-17 | Corrected CSRF reference in middleware docs. | tommcn | |
| 2021-09-20 | Removed versionadded/changed annotations for 3.2. | Mariusz Felisiak | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-05-17 | Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. | Nick Pope | |
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2020-10-22 | Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. | Carlton Gibson | |
| 2020-05-13 | Removed versionadded/changed annotations for 3.0. | Mariusz Felisiak | |
| 2019-10-02 | Fixed some typos in comments and docs. | Min ho Kim | |
| Thanks to Mads Jenson for review. | |||
| 2019-10-02 | Refs #15396 -- Mentioned full path to GZipMiddleware in documentation. | Mar Sánchez | |
| 2019-10-02 | Refs #28699 -- Clarified CSRF middleware ordering in relation to ↵ | Carlton Gibson | |
| RemoteUserMiddleware. | |||
| 2019-09-09 | Fixed #29406 -- Added support for Referrer-Policy header. | Nick Pope | |
| Thanks to James Bennett for the initial implementation. | |||
| 2019-09-09 | Standardized links for headers in security middleware documentation. | Nick Pope | |
| 2019-06-03 | Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0. | Mariusz Felisiak | |
| 2019-01-30 | Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. | Carlton Gibson | |
| 2018-11-14 | Fixed typo in docs/ref/middleware.txt. | Daniel Musketa | |
| 2018-05-27 | Remove documenation for non-existent middleware (#9998) | Daniel Hepper | |
| The docs contained a reference to the class django.middleware.exception.ExceptionMiddleware. This class was introduced in 05c888ffb843. It was removed in 7d1b69dbe7, but the documentation remained. | |||
| 2018-01-07 | Updated various links in docs to use HTTPS. | Mariusz Felisiak | |
| 2017-11-14 | Fixed #28786 -- Doc'd middleware ordering considerations due to ↵ | Tim Graham | |
| CommonMiddleware setting Content-Length. | |||
| 2017-11-11 | Refs #26447 -- Removed outdated ETag comment in CommonMiddleware. | Tim Graham | |
| Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e. | |||
| 2017-09-22 | Removed versionadded/changed annotations for 1.11. | Tim Graham | |
| 2017-09-22 | Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. | Tim Graham | |
| 2017-05-22 | Updated various links in docs to avoid redirects | Claude Paroz | |
| Thanks Tim Graham and Mariusz Felisiak for review and completion. | |||
| 2017-01-17 | Removed versionadded/changed annotations for 1.10. | Tim Graham | |
| 2016-11-30 | Refs #16859 -- Allowed storing CSRF tokens in sessions. | Raphael Michel | |
| Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review. | |||
| 2016-11-06 | Fixed typo in docs/ref/middleware.txt. | Tim Graham | |
| 2016-11-05 | Fixed #27346 -- Stopped setting the Content-Length header in ↵ | Adam Malinowski | |
| ConditionalGetMiddleware. | |||
| 2016-10-14 | Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. | Tim Graham | |
| 2016-10-13 | Refs #19705 -- Made GZipMiddleware make ETags weak. | Kevin Christopher Henry | |
| Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression. | |||
| 2016-10-10 | Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵ | Denis Cornehl | |
| ConditionalGetMiddleware. | |||
| 2016-09-09 | Normalized spelling of ETag. | Tim Graham | |
| 2016-08-10 | Fixed #26947 -- Added an option to enable the HSTS header preload directive. | Ed Morley | |
| 2016-08-08 | Fixed docs to refer to HSTS includeSubdomains as a directive. | Ed Morley | |
| The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2 | |||
| 2016-06-27 | Fixed #5897 -- Added the Content-Length response header in CommonMiddleware | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-05-20 | Removed versionadded/changed annotations for 1.9. | Tim Graham | |
| 2016-05-19 | Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them | Shai Berger | |
| Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. | |||
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2016-02-01 | Fixed #26124 -- Added missing code formatting to docs headers. | rowanv | |
| 2015-09-23 | Removed versionadded/changed annotations for 1.8. | Tim Graham | |
| 2015-09-23 | Refs #23957 -- Required session verification per deprecation timeline. | Tim Graham | |
| 2015-08-08 | Updated Wikipedia links to use https | Claude Paroz | |
| 2015-07-27 | Fixed typo in docs/ref/middleware.txt | jorgecarleitao | |
| 2015-07-02 | Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵ | Jan Pazdziora | |
| external authentication. | |||
| 2015-06-08 | Fixed #24796 -- Added a hint on placement of SecurityMiddleware in ↵ | Marissa Zhou | |
| MIDDLEWARE_CLASSES. Also moved it in the project template. | |||
| 2015-05-01 | Updated capitalization in the word "JavaScript" for consistency | Dave Hodder | |
