summaryrefslogtreecommitdiff
path: root/docs/ref/settings.txt
AgeCommit message (Collapse)Author
2021-01-04Refs #28741 -- Doc'd SESSION_COOKIE_DOMAIN requirement with CSRF_USE_SESSIONS.Tim Graham
Similar considerations as refs #32065, again adding some nuance to afd375fc343baa46e61036087bc43b3d096bb0ca.
2020-12-15Corrected formatting in settings docs.Carlton Gibson
2020-12-15Fixed #31007 -- Allowed specifying type of auto-created primary keys.Tom Forbes
This also changes the default type of auto-created primary keys for new apps and projects to BigAutoField.
2020-12-09Fixed #32193 -- Deprecated MemcachedCache.Mariusz Felisiak
2020-11-02Updated {% static %} tag examples in docs to use single quotes where ↵Nikita Sobolev
appropriate.
2020-10-07Fixed #32065 -- Restored leading dot to CSRF_COOKIE_DOMAIN examples.Carlton Gibson
Partially reverts afd375fc343baa46e61036087bc43b3d096bb0ca. Thanks to Tim Graham for review.
2020-09-23Fixed #32012 -- Made test database creation sync apps models when migrations ↵Mariusz Felisiak
are disabled. Thanks Jaap Roes for the report.
2020-09-16Fixed #29887 -- Added a cache backend for pymemcache.Nick Pope
2020-08-31Fixed #31934 -- Added note about the default of SameSite cookie flag in ↵Hasan Ramezani
modern browsers.
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-07-23Fixed #31821 -- Removed outdated note in FILE_UPLOAD_PERMISSIONS docs.Harpreet Sharma
Follow up to 22aab8662f0368b63f91f2526bdd0532524bc0fe
2020-07-22Fixed #31814 -- Fixed typo in docs/ref/settings.txt.Buk Bukowski
2020-07-20Improved description of USE_THOUSAND_SEPARATOR setting.Adam Johnson
2020-06-15Fixed #31696 -- Updated OWASP links in docs.Hasan Ramezani
2020-05-25Refs #23097 -- Used new octal format in FILE_UPLOAD_PERMISSIONS docs.René Fleschenberg
2020-05-21Fixed #31608 -- Doc'd that form ISO 8601 datetime parsing always retains tzinfo.Hasan Ramezani
2020-05-13Removed versionadded/changed annotations for 3.0.Mariusz Felisiak
2020-05-05Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS ↵Chris Burchhardt
docs. Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT docs and incorrect "minimum" phrase.
2020-04-28Fixed broken links in docs.Mariusz Felisiak
2020-03-27Fixed #31400 -- Doc'd the expected type of CONN_MAX_AGE database option.Hasan Ramezani
2020-02-05Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'.Adam Johnson
2020-01-29Fixed #31126 -- Doc'd STATICFILES_DIRS namespacing in static files how-to.Abhijeet
2020-01-16Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.Pavel Lysak
2020-01-07Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default ↵Claude Paroz
input formats.
2019-12-12Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.Osaetin Daniel
Thanks Florian Apolloner and Carlton Gibson for reviews.
2019-12-05Fixed #31010 -- Allowed subdomains of localhost in the Host header by ↵Gordon Pendleton
default when DEBUG=True.
2019-12-04Fixed #23524 -- Allowed DATABASES['TIME_ZONE'] option on PostgreSQL.Aymeric Augustin
2019-11-27Fixed #31029 -- Used more specific links to RFCs.Baptiste Mispelon
2019-11-25Refs #25388 -- Corrected value of TEST MIGRATE setting in MIGRATION_MODULES ↵Jon Dufresne
docs.
2019-11-20Fixed #25388 -- Added an option to allow disabling of migrations during test ↵Jon Dufresne
database creation.
2019-11-06Refs #29983 -- Added pathlib.Path support to the file email backend.Jon Dufresne
2019-11-06Added a link to the file email backend from EMAIL_FILE_PATH setting.Jon Dufresne
2019-10-11Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading ↵René Fleschenberg
slashes.
2019-09-25Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to ↵Oleg Kainov
relative paths. Thanks Florian Apolloner for reviews. Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-23Fixed typo in docs/ref/settings.txt.Mariusz Felisiak
2019-09-20Refs #28622 -- Clarified security implications of PASSWORD_RESET_TIMEOUT.Luke Plant
2019-09-20Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵Hasan Ramezani
and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-13Fixed typos in docs/ref/settings.txt.Ben Falk
2019-09-10Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline.Mariusz Felisiak
2019-09-10Removed versionadded/changed annotations for 2.2.Mariusz Felisiak
2019-09-09Fixed #29406 -- Added support for Referrer-Policy header.Nick Pope
Thanks to James Bennett for the initial implementation.
2019-09-09Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.Claude Paroz
2019-09-06Fixed #30573 -- Rephrased documentation to avoid words that minimise the ↵Tobias Kunze
involved difficulty. This patch does not remove all occurrences of the words in question. Rather, I went through all of the occurrences of the words listed below, and judged if they a) suggested the reader had some kind of knowledge/experience, and b) if they added anything of value (including tone of voice, etc). I left most of the words alone. I looked at the following words: - simply/simple - easy/easier/easiest - obvious - just - merely - straightforward - ridiculous Thanks to Carlton Gibson for guidance on how to approach this issue, and to Tim Bell for providing the idea. But the enormous lion's share of thanks go to Adam Johnson for his patient and helpful review.
2019-08-18Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.Claude Paroz
2019-08-05Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER ↵Adnan Umer
setting.
2019-07-01Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review.
2019-06-11Changed charset and collation link to MySQL docs.Mykola Nicholas
2019-05-27Refs #29548 -- Updated docs for MariaDB support.Mariusz Felisiak
2019-04-24Fixes #30342 -- Removed a system check for LANGUAGES_BIDI setting.Matthias Kestenholz
This partly reverts commit 4400d8296d268f5a8523cd02ddc33b12219b2535.
2019-04-08Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags ↵Ran Benita
on language cookies.