| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-09-09 | Normalized spelling of ETag. | Tim Graham | |
| 2016-08-10 | Fixed #26947 -- Added an option to enable the HSTS header preload directive. | Ed Morley | |
| 2016-08-08 | Fixed docs to refer to HSTS includeSubdomains as a directive. | Ed Morley | |
| The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2 | |||
| 2016-06-27 | Fixed #5897 -- Added the Content-Length response header in CommonMiddleware | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-05-20 | Removed versionadded/changed annotations for 1.9. | Tim Graham | |
| 2016-05-19 | Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them | Shai Berger | |
| Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. | |||
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2016-02-01 | Fixed #26124 -- Added missing code formatting to docs headers. | rowanv | |
| 2015-09-23 | Removed versionadded/changed annotations for 1.8. | Tim Graham | |
| 2015-09-23 | Refs #23957 -- Required session verification per deprecation timeline. | Tim Graham | |
| 2015-08-08 | Updated Wikipedia links to use https | Claude Paroz | |
| 2015-07-27 | Fixed typo in docs/ref/middleware.txt | jorgecarleitao | |
| 2015-07-02 | Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵ | Jan Pazdziora | |
| external authentication. | |||
| 2015-06-08 | Fixed #24796 -- Added a hint on placement of SecurityMiddleware in ↵ | Marissa Zhou | |
| MIDDLEWARE_CLASSES. Also moved it in the project template. | |||
| 2015-05-01 | Updated capitalization in the word "JavaScript" for consistency | Dave Hodder | |
| 2015-02-01 | Removed versionadded/changed notes for 1.7. | Tim Graham | |
| 2014-11-04 | Fixed #23531 -- Added CommonMiddleware.response_redirect_class. | Berker Peksag | |
| 2014-11-03 | Moved CSRF docs out of contrib. | Thomas Chaumeny | |
| 2014-09-12 | Fixed #17101 -- Integrated django-secure and added check --deploy option | Tim Graham | |
| Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews. | |||
| 2014-06-30 | Removed reference to old middleware | Claude Paroz | |
| 2014-06-10 | Fixed #17552 -- Removed a hack for IE6 and earlier. | Aymeric Augustin | |
| It prevented the GZipMiddleware from compressing some data types even on more recent version of IE where the corresponding bug was fixed. Thanks Aaron Cannon for the report and Tim Graham for the review. | |||
| 2014-05-22 | Fixed #20816 -- Added hints about Django middleware ordering | Claude Paroz | |
| Thanks gthb Trac user for the report, kolypto StackOverflow user for the initial list and Tim Graham for the review. | |||
| 2014-04-16 | Added RemoteUserMiddleware to middleware reference page. | Tim Graham | |
| 2014-04-05 | Fixed #21649 -- Added optional invalidation of sessions when user password ↵ | Tim Graham | |
| changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. | |||
| 2014-03-24 | Removed versionadded/changed annotations for 1.6. | Tim Graham | |
| 2014-03-21 | Fixed typos in docs (django.contrib.site) | Thomas Schreiber | |
| 2014-03-03 | Fixed some typos and formatting issues in docs. | Rodolfo Carvalho | |
| 2014-02-06 | Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each ↵ | Christopher Medrela | |
| request. Thanks jordan at aace.org for the suggestion. | |||
| 2013-10-03 | Fixed #19277 -- Added LocaleMiddleware.response_redirect_class | Emil Stenström | |
| Thanks ppetrid at yawd.eu for the suggestion. | |||
| 2013-09-11 | Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. | Tim Graham | |
| Thanks EvilDMP for the report and Russell Keith-Magee for the draft text. | |||
| 2013-07-25 | Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs. | Brenton Cleeland | |
| Thanks simonb for the report. | |||
| 2013-05-19 | Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middleware | Łukasz Langa | |
| 2013-04-20 | Adapted uses of versionchanged/versionadded to the new form. | Juan Catalano | |
| Refs #20104. | |||
| 2013-03-11 | Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED. | Aymeric Augustin | |
| Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience. | |||
| 2013-01-15 | Fixed #19099 -- Split broken link emails out of common middleware. | Aymeric Augustin | |
| 2013-01-02 | Fixed #19516 - Fixed remaining broken links. | Tim Graham | |
| Added -n to sphinx builds to catch issues going forward. | |||
| 2012-12-29 | Removed versionadded/changed annotations dating back to 1.4. | Aymeric Augustin | |
| 2012-12-28 | Fixed #19498 -- refactored auth documentation | Preston Holmes | |
| The auth doc was a single page which had grown unwieldy. This refactor split and grouped the content into sub-topics. Additional corrections and cleanups were made along the way. | |||
| 2012-10-17 | Fixed #18473 - Fixed a suggestion that GZipMiddleware needs to be first in ↵ | Tim Graham | |
| the list of middleware. | |||
| 2012-10-11 | Fixed #14165 - Documented that TransactionMiddleware only applies to the ↵ | Tim Graham | |
| default database. | |||
| 2012-07-28 | Fixed #18656 -- Fixed LocaleMiddleware link; thanks mitar for the report. | Tim Graham | |
| 2012-06-07 | Removed references to changes made in 1.2. | Aymeric Augustin | |
| Thanks Florian Apolloner for the patch. | |||
| 2012-02-03 | Made a bunch more edits up until [17418] | Adrian Holovaty | |
| git-svn-id: http://code.djangoproject.com/svn/django/trunk@17428 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2012-01-09 | Fixed #10762, #17514 -- Prevented the GZip middleware from returning a ↵ | Aymeric Augustin | |
| response longer than the original content, allowed compression of non-200 responses, and added tests (there were none). Thanks cannona for the initial patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17365 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-11-12 | Fix #16998: Update name of the CSRF middleware in doc. Thanks ptone and poirier. | Karen Tracey | |
| git-svn-id: http://code.djangoproject.com/svn/django/trunk@17085 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-10-14 | Fixed many more ReST indentation errors, somehow accidentally missed from ↵ | Luke Plant | |
| [16955] git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-07-03 | Fixed #14506 -- Added an assertion to XViewMiddleware about the dependency ↵ | Jannis Leidel | |
| on the authentication middleware. Thanks, vanschelven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16496 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-06-19 | Fixed #16258 - typo in middleware docs. | Timo Graham | |
| git-svn-id: http://code.djangoproject.com/svn/django/trunk@16441 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2011-05-30 | Fixed #14261 - Added clickjacking protection (X-Frame-Options header) | Luke Plant | |
| Many thanks to rniemeyer for the patch! git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
| 2010-12-27 | Fixed #6181 - Document `django.views.decorators.http` - thanks adamv for the ↵ | Timo Graham | |
| patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15064 bcc190cf-cafb-0310-a4f2-bffc1f526a37 | |||
