| Age | Commit message (Collapse) | Author |
|
Extracted the repeated `split(",")` + per-token `.strip()` pattern into
a `split_header_value()` generator in django/utils/http.py. The previous
`cc_delim_re` regex only stripped whitespace adjacent to the comma
delimiter, leaving leading or trailing whitespace on the first and last
tokens. Now, `split_header_value()` strips every token fully, matching
RFC 9110's optional-whitespace rules.
Thanks to Shai Berger, Jacob Walls, and Sarah Boyce for reviews.
|
|
The CSP report test relied on the debug view having a CSP error,
which has been fixed in 3e4e0db. This commit added a custom
view to reintroduce the same error to verify the reporting
behavior.
Follow-up to 3e4e0db66961a48a080ff3ff91f6c0d954261366.
|
|
See DEP 0018.
Added:
* MAILERS setting.
* django.core.mail.mailers dict-like EmailBackend factory.
* `using` argument to mail sending APIs.
* `sent_using` attribute to mail.outbox messages in locmem backend.
* MAILERS in startproject settings template, set to console backend.
* AdminLogHandler.using argument.
* BrokenLinkEmailsMiddleware.send_mail() method.
Updated:
* BaseEmailBackend to track the MAILERS alias used to construct it, and
to report errors for unknown kwargs (OPTIONS).
* EmailBackend implementations to initialize from kwargs (OPTIONS) only
when MAILERS is being used.
* smtp.EmailBackend to require `host` option and to default `port`
option based on SSL/TLS options.
* SimpleTestCase setup to substitute the locmem backend for all defined
MAILERS configurations.
* Django's tests that send mail to define MAILERS.
Deprecated:
* EMAIL_BACKEND and other backend-related EMAIL_* settings.
* mail.get_connection().
* The `connection`, `fail_silently`, `auth_user`, and `auth_password`
arguments to mail functions.
* The EmailMessage.connection attribute.
* BaseEmailBackend support for `fail_silently`. Backends that support
fail_silently (SMTP, console, file) now implement it directly.
* AdminEmailHandler.email_backend argument.
Removed undocumented features without deprecation:
* EmailMessage.get_connection() method. (send() now raises an error if a
subclass has attempted to override it.)
* EmailMessage.send() no longer sets self.connection to the connection
used for sending. (It still _uses_ a pre-existing self.connection.)
* AdminEmailHandler.connection() method. (Init now raises an error if a
subclass has attempted to override it.)
Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive
reviews and suggestions on the implementation.
Thanks to Jacob Rief for the initial implementation and multiple
iterations while refining the design.
Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
|
|
Simplified and removed use of soon-to-be-deprecated or removed features
from tests for AdminEmailHandler and BrokenLinkEmailsMiddleware. Added
or updated cases to ensure `fail_silently` usage remains consistent
during the transition to email providers.
Changed custom FailingEmailBackend to respect fail_silently and record
its use in a class-level property.
In AdminEmailHandlerTest:
* Added make_log_record() helper to reduce duplicated code.
* Changed test_fail_silently() to send through the FailingEmailBackend,
which will fail if not initialized with fail_silently=True. (Rather
than inspecting attributes of a soon-to-be-deprecated connection.)
* Simplified test_uses_custom_email_backend() by replacing monkeypatches
with inspectable custom backend.
* In test_customize_send_mail_method(), removed use of the undocumented
self.connection() method and the soon-to-be-deprecated `connection`
arg to mail_managers(). This test verifies a subclass can customize
sending by mailing the managers rather than the admins. Involving a
email backend connection was irrelevant.
In BrokenLinkEmailsMiddlewareTest, added a case with FailingEmailBackend
to verify send uses fail_silently=True.
|
|
Thanks Thibaud Colas for the review.
|
|
|
|
APPEND_SLASH.
|
|
disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Previously, the ADMINS and MANAGERS settings were lists of (name, address)
tuples (where the name had been unused). Deprecated use of tuples.
Updated settings value sanity checks, and changed from ValueError to
ImproperlyConfigured.
|
|
https://github.com/psf/black/releases/tag/24.1.0
|
|
DELETE requests.
|
|
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
|
|
and tests.
|
|
Thanks to Florian Vazelle for initial exploratory work, and to Nick
Pope and Mariusz Felisiak for review.
|
|
|
|
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
|
|
Identified using the following command:
$ pcre2grep --line-number --multiline --recursive \
"(?s)(\n +)(\w+) = [^\n]+\1return \2;?$" \
django docs extras js_tests scripts tests
|
|
with /.
By moving a should_redirect_with_slash call out of an if block, commit
9390da7fb6e251eaa9a785692f987296cb14523f negated the performance fix
of commit 434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (#24720).
Meanwhile, the logging issue #26293 that it targeted was subsequently
fixed more fully by commit 40b69607c751c4afa453edfd41d2ed155e58187e
(#26504), so it is no longer needed. This effectively reverts it.
This speeds up successful requests not ending with / when APPEND_SLASH
is enabled (the default, and still useful in projects with a mix of
URLs with and without trailing /). The amount of speedup varies from
about 5% in a typical project to nearly 50% on a benchmark with many
routes.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
|
|
|
|
|
appropriate.
|
|
|
|
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
|
|
|
|
|
|
classes.
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
with non-empty content.
|
|
Thanks to James Bennett for the initial implementation.
|
|
|
|
ADMINS/MANAGERS is set incorrectly.
|
|
|
|
|
|
|
|
|
|
(No behavior change since HTTP headers are case insensitive.)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Thanks Tim Graham for the review.
|
|
Thanks Tim Graham for the review.
|
|
|
|
|
|
trailing slash.
|