summaryrefslogtreecommitdiff
path: root/tests/middleware
AgeCommit message (Collapse)Author
2023-01-04Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵David Wobrock
and tests.
2022-12-22Fixed #33735 -- Added async support to StreamingHttpResponse.Carlton Gibson
Thanks to Florian Vazelle for initial exploratory work, and to Nick Pope and Mariusz Felisiak for review.
2022-12-17Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware.Andreas Pelme
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-10-31Avoided assignment followed by immediate return.Nick Pope
Identified using the following command: $ pcre2grep --line-number --multiline --recursive \ "(?s)(\n +)(\w+) = [^\n]+\1return \2;?$" \ django docs extras js_tests scripts tests
2022-06-02Fixed #33700 -- Skipped extra resolution for successful requests not ending ↵Anders Kaseorg
with /. By moving a should_redirect_with_slash call out of an if block, commit 9390da7fb6e251eaa9a785692f987296cb14523f negated the performance fix of commit 434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (#24720). Meanwhile, the logging issue #26293 that it targeted was subsequently fixed more fully by commit 40b69607c751c4afa453edfd41d2ed155e58187e (#26504), so it is no longer needed. This effectively reverts it. This speeds up successful requests not ending with / when APPEND_SLASH is enabled (the default, and still useful in projects with a mix of URLs with and without trailing /). The amount of speedup varies from about 5% in a typical project to nearly 50% on a benchmark with many routes. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-03-30Fixed #31840 -- Added support for Cross-Origin Opener Policy header.bankc
Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com>
2020-10-22Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.Carlton Gibson
2020-09-14Fixed #31789 -- Added a new headers interface to HttpResponse.Tom Carrick
2020-02-18Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵Claude Paroz
classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-10-10Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses ↵Viktor Lomakin
with non-empty content.
2019-09-09Fixed #29406 -- Added support for Referrer-Policy header.Nick Pope
Thanks to James Bennett for the initial implementation.
2019-09-09Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.Claude Paroz
2019-07-02Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ↵Hasan Ramezani
ADMINS/MANAGERS is set incorrectly.
2019-03-20Corrected settings names in SecurityMiddleware tests.Nick Pope
2019-02-09Removed default empty content argument from HttpResponse calls.Jon Dufresne
2018-12-31Updated test URL patterns to use path() and re_path().Tim Graham
2018-11-27Made reused RequestFactory instances class attributes.Simon Charette
2018-10-30Capitalized SecurityMiddleware headers for consistency with other headers.Artur Juraszek
(No behavior change since HTTP headers are case insensitive.)
2018-08-01Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.Andreas Hug
2018-03-16Fixed hanging indentation in various code.Mariusz Felisiak
2017-09-22Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.Tim Graham
2017-02-09Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().Tim Graham
2017-02-01Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments.Vytis Banaitis
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-11-06Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a ↵Sven Engström
trailing slash.
2016-11-05Fixed #27346 -- Stopped setting the Content-Length header in ↵Adam Malinowski
ConditionalGetMiddleware.
2016-10-17Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests.Kevin Christopher Henry
2016-10-14Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.Tim Graham
2016-10-14Refs #19705 -- Changed gzip modification times to 0.Kevin Christopher Henry
This makes gzip output deterministic, which allows ConditionalGetMiddleware to reliably compare ETags on gzipped content (views using the gzip_page() decorator in particular).
2016-10-13Refs #19705 -- Made GZipMiddleware make ETags weak.Kevin Christopher Henry
Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression.
2016-10-12Fixed #19705 -- Set proper headers on conditional Not Modified responses.Kevin Christopher Henry
2016-10-10Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵Denis Cornehl
ConditionalGetMiddleware.
2016-09-10Fixed #27083 -- Added support for weak ETags.Kevin Christopher Henry
2016-08-10Fixed #26947 -- Added an option to enable the HSTS header preload directive.Ed Morley
2016-08-08Fixed docs to refer to HSTS includeSubdomains as a directive.Ed Morley
The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2
2016-07-28Fixed a typo in tests/middleware/test_security.pyTim Graham
2016-07-15Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response ↵andrewnester
has Cache-Control: no-store.
2016-06-27Fixed #5897 -- Added the Content-Length response header in CommonMiddlewareClaude Paroz
Thanks Tim Graham for the review.
2016-06-16Fixed #26747 -- Used more specific assertions in the Django test suite.Jon Dufresne
2016-04-08Fixed E128 flake8 warnings in tests/.Tim Graham