From 1f68bb5683608ebe1ce47f0c9d37dad9482d1df9 Mon Sep 17 00:00:00 2001 From: Przemysław Suliga Date: Fri, 19 Aug 2016 14:32:21 +0200 Subject: Refs #26902 -- Protected against insecure redirects in set_language(). --- docs/releases/1.11.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/releases/1.11.txt b/docs/releases/1.11.txt index 64afe7a841..802a09e6a9 100644 --- a/docs/releases/1.11.txt +++ b/docs/releases/1.11.txt @@ -356,12 +356,12 @@ to assign a free port. The ``DJANGO_LIVE_TEST_SERVER_ADDRESS`` environment variable is no longer used, and as it's also no longer used, the ``manage.py test --liveserver`` option is removed. -Protection against insecure redirects in :mod:`django.contrib.auth` views -------------------------------------------------------------------------- +Protection against insecure redirects in :mod:`django.contrib.auth` and ``i18n`` views +-------------------------------------------------------------------------------------- -``LoginView`` and ``LogoutView`` (and the deprecated function-based equivalents) -protect users from being redirected to non-HTTPS ``next`` URLs when the app -is running over HTTPS. +``LoginView``, ``LogoutView`` (and the deprecated function-based equivalents), +and :func:`~django.views.i18n.set_language` protect users from being redirected +to non-HTTPS ``next`` URLs when the app is running over HTTPS. Miscellaneous ------------- -- cgit v1.3