path: root/docs/ref/settings.txt
Age | Commit message | Author
2026-06-03 | Refs CVE-2026-6873 -- Defaulted SIGNED_COOKIE_LEGACY_SALT_FALLBACK transitional setting to False. | Jacob Walls
2026-06-03 | Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisions. | Paul McMillan
Made signed cookies derive their signer namespace from an injective encoding of `(name, salt)` while preserving compatibility with legacy `name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK. Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman, Jake Howard, and Paul McMillan for reviews.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-05-29 | Refs #35514 -- Improved docs for MAILERS setting and mailers migration guide. | Natalia
Thanks Mike Edmunds for flagging these issues and for the review.
2026-05-26 | Refs #35514 -- Removed specific Django versions from outside deprecated blocks. | Natalia
This follows the contributing guidelines that state: [...] Avoid referring to a specific version of Django outside a ``deprecated`` block. Even inside a block, it's often redundant to do so as these annotations render as "Deprecated since version A.B".
2026-05-26 | Refs #35870 -- Moved deprecated notice at the bottom for USE_BLANK_CHOICE_DASH. | Natalia
Also expanded a bit on details for the setting so readers know what it is about.
2026-05-20 | Removed versionadded/changed annotations for 6.0. | Sarah Boyce
2026-05-20 | Refs #35514 -- Cleaned up mailers docs. | Mike Edmunds
* Fixed typos related to automated EMAIL_PROVIDERS -> MAILERS renaming.
* Clarified wording in some recently added/updated sections.
* Removed deprecated, extraneous `fail_silently=False` from examples.
* Moved EmailBackend API documentation out of "Email backends" intro into a dedicated section in email.txt.
* Sorted MAILERS alphabetically in settings.txt.
2026-05-13 | Fixed #35514 -- Implemented dictionary-based MAILERS. | Mike Edmunds
See DEP 0018.
Added:
* MAILERS setting.
* django.core.mail.mailers dict-like EmailBackend factory.
* `using` argument to mail sending APIs.
* `sent_using` attribute to mail.outbox messages in locmem backend.
* MAILERS in startproject settings template, set to console backend.
* AdminLogHandler.using argument.
* BrokenLinkEmailsMiddleware.send_mail() method.
Updated:
* BaseEmailBackend to track the MAILERS alias used to construct it, and to report errors for unknown kwargs (OPTIONS).
* EmailBackend implementations to initialize from kwargs (OPTIONS) only when MAILERS is being used.
* smtp.EmailBackend to require `host` option and to default `port` option based on SSL/TLS options.
* SimpleTestCase setup to substitute the locmem backend for all defined MAILERS configurations.
* Django's tests that send mail to define MAILERS.
Deprecated:
* EMAIL_BACKEND and other backend-related EMAIL_* settings.
* mail.get_connection().
* The `connection`, `fail_silently`, `auth_user`, and `auth_password` arguments to mail functions.
* The EmailMessage.connection attribute.
* BaseEmailBackend support for `fail_silently`. Backends that support fail_silently (SMTP, console, file) now implement it directly.
* AdminEmailHandler.email_backend argument.
Removed undocumented features without deprecation:
* EmailMessage.get_connection() method. (send() now raises an error if a subclass has attempted to override it.)
* EmailMessage.send() no longer sets self.connection to the connection used for sending. (It still _uses_ a pre-existing self.connection.)
* AdminEmailHandler.connection() method. (Init now raises an error if a subclass has attempted to override it.)
Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive reviews and suggestions on the implementation. Thanks to Jacob Rief for the initial implementation and multiple iterations while refining the design.
Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
2026-04-28 | Refs CVE-2026-25674 -- Clarified role of umask in upload permissions. | Shai Berger
2026-04-22 | Fixed #35870 -- Made blank choice label in forms more accessible. | Annabelle Wiegart
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH.
Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
2026-04-07 | Refs CVE-2026-33034 -- Improved security documentation on handling large request bodies. | Jake Howard
Notably that the limit can be bypassed under ASGI.
2026-02-18 | Refs #19221 -- Fixed outdated KEY_FUNCTION definition in docs/ref/settings.txt. | Mike Edmunds
Replaced outdated version of `default_key_func` in settings reference with pointer to current version in cache topic. Rewrote description to match parameter order and behavior of default implementation.
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2026-01-19 | Fixed unbalanced parentheses in docs. | Clifford Gama
2025-11-06 | Removed community packages admonition from settings docs. | Tim Schilling
2025-10-30 | Added community package storage backends mention to docs. | Tim Schilling
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-10-29 | Fixed #36329 -- Removed non-code custom link text when cross-referencing Python objects. | Clifford Gama
Thanks Bruno Alla, Sarah Boyce, and Jacob Walls for reviews.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2025-09-17 | Refs #35859 -- Removed support for Task enqueuing on transaction commit. | Jacob Walls
This removes the ability to configure Task enqueueing via a setting, since the proposed `ENQUEUE_ON_COMMIT` did not support multi-database setups. Thanks to Simon Charette for the report. Follow-up to 4289966d1b8e848e5e460b7c782dac009d746b20.
2025-09-16 | Fixed #35859 -- Added background Tasks framework interface. | Jake Howard
This work implements what was defined in DEP 14 (https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst). Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce, Jacob Walls, and Natalia Bidart for the reviews.
2025-09-12 | Fixed #36597 -- Corrected directives for functions from email module in docs. | Mridul Dhall
Thanks Mike Edmunds for the report.
2025-09-05 | Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField. | Tim Graham
2025-08-25 | Refs #36485 -- Rewrapped docs to 79 columns line length. | David Smith
Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content.
2025-08-25 | Refs #36485 -- Removed double spaces after periods in sentences. | Natalia
2025-08-25 | Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in docs. | David Smith
2025-06-27 | Fixed #15727 -- Added Content Security Policy (CSP) support. | Rob Hudson
This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-03-21 | Fixed #36138 -- Changed ADMINS and MANAGERS settings to lists of strings. | Mike Edmunds
Previously, the ADMINS and MANAGERS settings were lists of (name, address) tuples (where the name had been unused). Deprecated use of tuples. Updated settings value sanity checks, and changed from ValueError to ImproperlyConfigured.
2025-03-19 | Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and urlizetrunc. | Ahmed Nassar
2025-01-21 | Refs 35653 -- Clarified docs for EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE settings. | Igor Scheller
2025-01-15 | Refs #34380 -- Changed the URLField default scheme to https and removed FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline. | Sarah Boyce
2024-09-03 | Added EMAIL_USE_SSL to the 'Core Settings Topical Index' docs. | github-user-en
2024-06-24 | Fixed #35306 -- Documented fallback localization formats in templates when localization is disabled. | lufafajoshua
2024-06-13 | Fixed #35470 -- Separated i18n and l10n globalization settings docs. | lufafajoshua
2024-05-22 | Removed versionadded/changed annotations for 5.0. | Natalia
This also removes remaining versionadded/changed annotations for older versions.
2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-04-05 | Refs #35354 -- Clarified FORCE_SCRIPT_NAME docs. | Carlton Gibson
2024-03-06 | Fixed broken links and redirects in docs. | Mariusz Felisiak
2024-02-20 | Fixed #35153 -- Added note about locale name notation to FORMAT_MODULE_PATH docs. | sandjio
Co-authored-by: Paul Hermans <paul.hermans@benemtech.com>
2024-01-29 | Fixed #35141 -- Clarified the expected type of CACHE_MIDDLEWARE_SECONDS setting. | Alexander Lazarević
2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2024-01-16 | Used more specific link to email backends in EMAIL_BACKEND docs. | Baptiste Mispelon
2023-12-28 | Improved DEFAULT_FROM_EMAIL/SERVER_EMAIL docs. | David D Lowe
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-12-14 | Added clarifications about the DATABASES.TIME_ZONE setting in docs. | David Sanders
These include:
- Doc'd which is the default used when DATABASES.TIME_ZONE is None.
- Doc'd that the database connection's time zone setting is set for PostgreSQL and clarified that it may be necessary to set it to the same value as TIME_ZONE.
Co-authored-by: David Smith <39445562+smithdc1@users.noreply.github.com>
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
2023-11-29 | Refs #25778 -- Updated some links and references to HTTPS. | Adam Johnson
2023-11-28 | Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting. | Mariusz Felisiak
This allows early adoption of the new default "https".
2023-10-06 | Refs #32275 -- Added scrypt password hasher to PASSWORD_HASHERS setting docs. | ume
2023-10-04 | Corrected wrap_socket() reference in docs/ref/settings.txt. | Mariusz Felisiak
2023-09-18 | Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. | Mariusz Felisiak
This also removes django.core.files.storage.get_storage_class(). Per deprecation timeline.
2023-09-18 | Removed versionadded/changed annotations for 4.2. | Mariusz Felisiak
This also removes remaining versionadded/changed annotations for older versions.
2023-07-24 | Refs #34712 -- Doc'd that defining STORAGES overrides the default configuration. | Bruno Alla
2023-06-23 | Improved style of n-tuple wording in docs and comments. | Nick Pope
2023-04-21 | Added meaningful titles to ..admonition:: directives. | Mariusz Felisiak