| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-04-02 | Refs #36862 -- Reiterated security note on both variants of ↵ | Jacob Walls | |
| RemoteUserMiddleware. | |||
| 2026-04-02 | Fixed #36862 -- Doc'd the need for a proxy when deploying ↵ | Jacob Walls | |
| RemoteUserMiddleware under ASGI. We have a flood of nuisance security reports describing ASGI deployments using RemoteUserMiddleware without a fronting proxy, which is not realistic. | |||
| 2025-12-22 | Refs #36305 -- Fixed indentation in checks and middleware documentation. | ankan0503 | |
| 2025-08-25 | Refs #36485 -- Rewrapped docs to 79 columns line length. | David Smith | |
| Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content. | |||
| 2025-08-25 | Refs #36485 -- Removed double spaces after periods in sentences. | Natalia | |
| 2025-08-25 | Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in ↵ | David Smith | |
| docs. | |||
| 2025-06-27 | Fixed #15727 -- Added Content Security Policy (CSP) support. | Rob Hudson | |
| This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-01-15 | Removed versionadded/changed annotations for 5.1. | Sarah Boyce | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2024-10-02 | Reindented attributes and methods for classes in docs/ref/middleware.txt. | nessita | |
| 2024-10-02 | Fixed #35670 -- Clarified the return value for LoginRequiredMiddleware's ↵ | Aditya Chaudhary | |
| methods. | |||
| 2024-08-08 | Refs #31405 -- Improved LoginRequiredMiddleware documentation. | Adam Johnson | |
| co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-06-12 | Fixed #35401 -- Documented the conditional_page() decorator. | lufafajoshua | |
| 2024-06-12 | Refs #35401 -- Linked the CsrfViewMiddleware docs to the csrf_protect() ↵ | lufafajoshua | |
| decorator. | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2023-09-18 | Removed versionadded/changed annotations for 4.2. | Mariusz Felisiak | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2023-03-01 | Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2022-12-17 | Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. | Andreas Pelme | |
| 2022-12-06 | Updated various links to HTTPS and new locations. | Mariusz Felisiak | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-05-17 | Removed versionadded/changed annotations for 4.0. | Carlton Gibson | |
| 2022-03-17 | Corrected CSRF reference in middleware docs. | tommcn | |
| 2021-09-20 | Removed versionadded/changed annotations for 3.2. | Mariusz Felisiak | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-05-17 | Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. | Nick Pope | |
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2020-10-22 | Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. | Carlton Gibson | |
| 2020-05-13 | Removed versionadded/changed annotations for 3.0. | Mariusz Felisiak | |
| 2019-10-02 | Fixed some typos in comments and docs. | Min ho Kim | |
| Thanks to Mads Jenson for review. | |||
| 2019-10-02 | Refs #15396 -- Mentioned full path to GZipMiddleware in documentation. | Mar Sánchez | |
| 2019-10-02 | Refs #28699 -- Clarified CSRF middleware ordering in relation to ↵ | Carlton Gibson | |
| RemoteUserMiddleware. | |||
| 2019-09-09 | Fixed #29406 -- Added support for Referrer-Policy header. | Nick Pope | |
| Thanks to James Bennett for the initial implementation. | |||
| 2019-09-09 | Standardized links for headers in security middleware documentation. | Nick Pope | |
| 2019-06-03 | Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0. | Mariusz Felisiak | |
| 2019-01-30 | Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS. | Carlton Gibson | |
| 2018-11-14 | Fixed typo in docs/ref/middleware.txt. | Daniel Musketa | |
| 2018-05-27 | Remove documenation for non-existent middleware (#9998) | Daniel Hepper | |
| The docs contained a reference to the class django.middleware.exception.ExceptionMiddleware. This class was introduced in 05c888ffb843. It was removed in 7d1b69dbe7, but the documentation remained. | |||
| 2018-01-07 | Updated various links in docs to use HTTPS. | Mariusz Felisiak | |
| 2017-11-14 | Fixed #28786 -- Doc'd middleware ordering considerations due to ↵ | Tim Graham | |
| CommonMiddleware setting Content-Length. | |||
| 2017-11-11 | Refs #26447 -- Removed outdated ETag comment in CommonMiddleware. | Tim Graham | |
| Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e. | |||
| 2017-09-22 | Removed versionadded/changed annotations for 1.11. | Tim Graham | |
| 2017-09-22 | Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. | Tim Graham | |
| 2017-05-22 | Updated various links in docs to avoid redirects | Claude Paroz | |
| Thanks Tim Graham and Mariusz Felisiak for review and completion. | |||
| 2017-01-17 | Removed versionadded/changed annotations for 1.10. | Tim Graham | |
| 2016-11-30 | Refs #16859 -- Allowed storing CSRF tokens in sessions. | Raphael Michel | |
| Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review. | |||
| 2016-11-06 | Fixed typo in docs/ref/middleware.txt. | Tim Graham | |
| 2016-11-05 | Fixed #27346 -- Stopped setting the Content-Length header in ↵ | Adam Malinowski | |
| ConditionalGetMiddleware. | |||
| 2016-10-14 | Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. | Tim Graham | |
| 2016-10-13 | Refs #19705 -- Made GZipMiddleware make ETags weak. | Kevin Christopher Henry | |
| Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression. | |||
| 2016-10-10 | Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵ | Denis Cornehl | |
| ConditionalGetMiddleware. | |||
 |
index : chango.git | |
| django |
| summaryrefslogtreecommitdiff |