diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2017-09-17 22:24:05 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-09-20 16:22:18 -0400 |
| commit | c4c128d67c7dc2830631c6859a204c9d259f1fb1 (patch) | |
| tree | 769b7ee6671d25bd8496c2748193bf0a9bd0a46c /docs | |
| parent | 77f82c4bf1565b074d12b1531caa4bc4f4b89506 (diff) | |
Fixed #28488 -- Reallowed error handlers to access CSRF tokens.
Regression in eef95ea96faef0b7dbbe0c8092202b74f68a899b.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.11.6.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/releases/1.11.6.txt b/docs/releases/1.11.6.txt index ff9d4385fe..222a9c9125 100644 --- a/docs/releases/1.11.6.txt +++ b/docs/releases/1.11.6.txt @@ -14,3 +14,7 @@ Bugfixes * Fixed crash when using the name of a model's autogenerated primary key (``id``) in an ``Index``'s ``fields`` (:ticket:`28597`). + +* Fixed a regression in Django 1.9 where a custom view error handler such as + ``handler404`` that accesses ``csrf_token`` could cause CSRF verification + failures on other pages (:ticket:`28488`). |