| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-02-01 | [4.2.x] Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main | |||
| 2023-01-04 | Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵ | David Wobrock | |
| and tests. | |||
| 2022-12-22 | Fixed #33735 -- Added async support to StreamingHttpResponse. | Carlton Gibson | |
| Thanks to Florian Vazelle for initial exploratory work, and to Nick Pope and Mariusz Felisiak for review. | |||
| 2022-12-17 | Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. | Andreas Pelme | |
| 2022-11-10 | Updated documentation and comments for RFC updates. | Nick Pope | |
| - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | |||
| 2022-10-31 | Avoided assignment followed by immediate return. | Nick Pope | |
| Identified using the following command: $ pcre2grep --line-number --multiline --recursive \ "(?s)(\n +)(\w+) = [^\n]+\1return \2;?$" \ django docs extras js_tests scripts tests | |||
| 2022-06-02 | Fixed #33700 -- Skipped extra resolution for successful requests not ending ↵ | Anders Kaseorg | |
| with /. By moving a should_redirect_with_slash call out of an if block, commit 9390da7fb6e251eaa9a785692f987296cb14523f negated the performance fix of commit 434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (#24720). Meanwhile, the logging issue #26293 that it targeted was subsequently fixed more fully by commit 40b69607c751c4afa453edfd41d2ed155e58187e (#26504), so it is no longer needed. This effectively reverts it. This speeds up successful requests not ending with / when APPEND_SLASH is enabled (the default, and still useful in projects with a mix of URLs with and without trailing /). The amount of speedup varies from about 5% in a typical project to nearly 50% on a benchmark with many routes. Signed-off-by: Anders Kaseorg <andersk@mit.edu> | |||
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2020-10-22 | Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. | Carlton Gibson | |
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-02-18 | Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵ | Claude Paroz | |
| classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-10-10 | Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses ↵ | Viktor Lomakin | |
| with non-empty content. | |||
| 2019-09-09 | Fixed #29406 -- Added support for Referrer-Policy header. | Nick Pope | |
| Thanks to James Bennett for the initial implementation. | |||
| 2019-09-09 | Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. | Claude Paroz | |
| 2019-07-02 | Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ↵ | Hasan Ramezani | |
| ADMINS/MANAGERS is set incorrectly. | |||
| 2019-03-20 | Corrected settings names in SecurityMiddleware tests. | Nick Pope | |
| 2019-02-09 | Removed default empty content argument from HttpResponse calls. | Jon Dufresne | |
| 2018-12-31 | Updated test URL patterns to use path() and re_path(). | Tim Graham | |
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-10-30 | Capitalized SecurityMiddleware headers for consistency with other headers. | Artur Juraszek | |
| (No behavior change since HTTP headers are case insensitive.) | |||
| 2018-08-01 | Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. | Andreas Hug | |
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2017-09-22 | Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. | Tim Graham | |
| 2017-02-09 | Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). | Tim Graham | |
| 2017-02-01 | Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments. | Vytis Banaitis | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-20 | Refs #23919 -- Removed unneeded force_str calls | Claude Paroz | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2016-11-06 | Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a ↵ | Sven Engström | |
| trailing slash. | |||
| 2016-11-05 | Fixed #27346 -- Stopped setting the Content-Length header in ↵ | Adam Malinowski | |
| ConditionalGetMiddleware. | |||
| 2016-10-17 | Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests. | Kevin Christopher Henry | |
| 2016-10-14 | Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. | Tim Graham | |
| 2016-10-14 | Refs #19705 -- Changed gzip modification times to 0. | Kevin Christopher Henry | |
| This makes gzip output deterministic, which allows ConditionalGetMiddleware to reliably compare ETags on gzipped content (views using the gzip_page() decorator in particular). | |||
| 2016-10-13 | Refs #19705 -- Made GZipMiddleware make ETags weak. | Kevin Christopher Henry | |
| Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression. | |||
| 2016-10-12 | Fixed #19705 -- Set proper headers on conditional Not Modified responses. | Kevin Christopher Henry | |
| 2016-10-10 | Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵ | Denis Cornehl | |
| ConditionalGetMiddleware. | |||
| 2016-09-10 | Fixed #27083 -- Added support for weak ETags. | Kevin Christopher Henry | |
| 2016-08-10 | Fixed #26947 -- Added an option to enable the HSTS header preload directive. | Ed Morley | |
| 2016-08-08 | Fixed docs to refer to HSTS includeSubdomains as a directive. | Ed Morley | |
| The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2 | |||
| 2016-07-28 | Fixed a typo in tests/middleware/test_security.py | Tim Graham | |
| 2016-07-15 | Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response ↵ | andrewnester | |
| has Cache-Control: no-store. | |||
| 2016-06-27 | Fixed #5897 -- Added the Content-Length response header in CommonMiddleware | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-06-16 | Fixed #26747 -- Used more specific assertions in the Django test suite. | Jon Dufresne | |
