summaryrefslogtreecommitdiff
path: root/docs/ref/middleware.txt
AgeCommit message (Collapse)Author
2016-09-09Normalized spelling of ETag.Tim Graham
2016-08-10Fixed #26947 -- Added an option to enable the HSTS header preload directive.Ed Morley
2016-08-08Fixed docs to refer to HSTS includeSubdomains as a directive.Ed Morley
The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-06-27Fixed #5897 -- Added the Content-Length response header in CommonMiddlewareClaude Paroz
Thanks Tim Graham for the review.
2016-05-20Removed versionadded/changed annotations for 1.9.Tim Graham
2016-05-19Fixed #20869 -- made CSRF tokens change every request by salt-encrypting themShai Berger
Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews.
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-02-01Fixed #26124 -- Added missing code formatting to docs headers.rowanv
2015-09-23Removed versionadded/changed annotations for 1.8.Tim Graham
2015-09-23Refs #23957 -- Required session verification per deprecation timeline.Tim Graham
2015-08-08Updated Wikipedia links to use httpsClaude Paroz
2015-07-27Fixed typo in docs/ref/middleware.txtjorgecarleitao
2015-07-02Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵Jan Pazdziora
external authentication.
2015-06-08Fixed #24796 -- Added a hint on placement of SecurityMiddleware in ↵Marissa Zhou
MIDDLEWARE_CLASSES. Also moved it in the project template.
2015-05-01Updated capitalization in the word "JavaScript" for consistencyDave Hodder
2015-02-01Removed versionadded/changed notes for 1.7.Tim Graham
2014-11-04Fixed #23531 -- Added CommonMiddleware.response_redirect_class.Berker Peksag
2014-11-03Moved CSRF docs out of contrib.Thomas Chaumeny
2014-09-12Fixed #17101 -- Integrated django-secure and added check --deploy optionTim Graham
Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews.
2014-06-30Removed reference to old middlewareClaude Paroz
2014-06-10Fixed #17552 -- Removed a hack for IE6 and earlier.Aymeric Augustin
It prevented the GZipMiddleware from compressing some data types even on more recent version of IE where the corresponding bug was fixed. Thanks Aaron Cannon for the report and Tim Graham for the review.
2014-05-22Fixed #20816 -- Added hints about Django middleware orderingClaude Paroz
Thanks gthb Trac user for the report, kolypto StackOverflow user for the initial list and Tim Graham for the review.
2014-04-16Added RemoteUserMiddleware to middleware reference page.Tim Graham
2014-04-05Fixed #21649 -- Added optional invalidation of sessions when user password ↵Tim Graham
changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-03-24Removed versionadded/changed annotations for 1.6.Tim Graham
2014-03-21Fixed typos in docs (django.contrib.site)Thomas Schreiber
2014-03-03Fixed some typos and formatting issues in docs.Rodolfo Carvalho
2014-02-06Fixed #17005 -- Added CurrentSiteMiddleware to set the current site on each ↵Christopher Medrela
request. Thanks jordan at aace.org for the suggestion.
2013-10-03Fixed #19277 -- Added LocaleMiddleware.response_redirect_classEmil Stenström
Thanks ppetrid at yawd.eu for the suggestion.
2013-09-11Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.Tim Graham
Thanks EvilDMP for the report and Russell Keith-Magee for the draft text.
2013-07-25Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs.Brenton Cleeland
Thanks simonb for the report.
2013-05-19Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middlewareŁukasz Langa
2013-04-20Adapted uses of versionchanged/versionadded to the new form.Juan Catalano
Refs #20104.
2013-03-11Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.Aymeric Augustin
Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience.
2013-01-15Fixed #19099 -- Split broken link emails out of common middleware.Aymeric Augustin
2013-01-02Fixed #19516 - Fixed remaining broken links.Tim Graham
Added -n to sphinx builds to catch issues going forward.
2012-12-29Removed versionadded/changed annotations dating back to 1.4.Aymeric Augustin
2012-12-28Fixed #19498 -- refactored auth documentationPreston Holmes
The auth doc was a single page which had grown unwieldy. This refactor split and grouped the content into sub-topics. Additional corrections and cleanups were made along the way.
2012-10-17Fixed #18473 - Fixed a suggestion that GZipMiddleware needs to be first in ↵Tim Graham
the list of middleware.
2012-10-11Fixed #14165 - Documented that TransactionMiddleware only applies to the ↵Tim Graham
default database.
2012-07-28Fixed #18656 -- Fixed LocaleMiddleware link; thanks mitar for the report.Tim Graham
2012-06-07Removed references to changes made in 1.2.Aymeric Augustin
Thanks Florian Apolloner for the patch.
2012-02-03Made a bunch more edits up until [17418]Adrian Holovaty
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17428 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-09Fixed #10762, #17514 -- Prevented the GZip middleware from returning a ↵Aymeric Augustin
response longer than the original content, allowed compression of non-200 responses, and added tests (there were none). Thanks cannona for the initial patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-12Fix #16998: Update name of the CSRF middleware in doc. Thanks ptone and poirier.Karen Tracey
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17085 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14Fixed many more ReST indentation errors, somehow accidentally missed from ↵Luke Plant
[16955] git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-03Fixed #14506 -- Added an assertion to XViewMiddleware about the dependency ↵Jannis Leidel
on the authentication middleware. Thanks, vanschelven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16496 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-19Fixed #16258 - typo in middleware docs.Timo Graham
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16441 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30Fixed #14261 - Added clickjacking protection (X-Frame-Options header)Luke Plant
Many thanks to rniemeyer for the patch! git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-27Fixed #6181 - Document `django.views.decorators.http` - thanks adamv for the ↵Timo Graham
patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15064 bcc190cf-cafb-0310-a4f2-bffc1f526a37