summaryrefslogtreecommitdiff
path: root/django/middleware/csrf.py
AgeCommit message (Expand)Author
2024-05-29Fixed 35467 -- Replaced urlparse with urlsplit where appropriate.Jake Howard
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
2023-01-17Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecatio...Mariusz Felisiak
2022-11-14Fixed #34074 -- Added headers argument to RequestFactory and Client classes.David Wobrock
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-11-29Refs #32800 -- Renamed _sanitize_token() to _check_token_format().Chris Jerdonek
2021-11-29Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.Chris Jerdonek
2021-08-17Refs #32800 -- Added _add_new_csrf_cookie() helper function.Chris Jerdonek
2021-08-17Refs #32800 -- Renamed _set_token() to _set_csrf_cookie().Chris Jerdonek
2021-08-03Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match().Chris Jerdonek
2021-07-29Refs #32916 -- Replaced request.csrf_cookie_needs_reset with request.META['CS...Chris Jerdonek
2021-07-29Fixed #32916 -- Combined request.META['CSRF_COOKIE_USED'] and request.csrf_co...Chris Jerdonek
2021-07-23Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError.Virtosu Bogdan
2021-07-23Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset lo...Chris Jerdonek
2021-06-23Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token erro...Chris Jerdonek
2021-06-22Fixed #32842 -- Refactored out CsrfViewMiddleware._check_token().Chris Jerdonek
2021-06-12Fixed comment in CsrfViewMiddleware to say _reject instead of reject.Chris Jerdonek
2021-06-01Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted...Chris Jerdonek
2021-05-31Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted...Chris Jerdonek
2021-05-29Refs #32778 -- Improved the name of the regex object detecting invalid CSRF t...Chris Jerdonek
2021-05-28Refs #32596 -- Added early return on safe methods in CsrfViewMiddleware.proce...Chris Jerdonek
2021-05-28Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay computi...Chris Jerdonek
2021-05-28Fixed #32596 -- Added CsrfViewMiddleware._check_referer().Chris Jerdonek
2021-05-25Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize...abhiabhi94
2021-03-25Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin ...Chris Jerdonek
2021-03-25Refs #32579 -- Fixed cookie domain comment in CsrfViewMiddleware.process_view().Chris Jerdonek
2021-03-25Refs #32579 -- Optimized good_hosts creation in CsrfViewMiddleware.process_vi...Chris Jerdonek
2021-03-19Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header.Adam Donaghy
2021-03-18Fixed #16010 -- Added Origin header checking to CSRF middleware.Tim Graham
2021-03-18Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.Tim Graham
2020-02-26Fixed #28699 -- Fixed CSRF validation with remote user middleware.Colton Hicks
2020-02-25Fixed #31291 -- Renamed salt to mask for CSRF tokens.Ram Rachum
2019-10-23Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting.Sergey Fedoseev
2019-04-24Removed unnecessary assignments in various code.Jon Dufresne
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
2018-09-08Fixed #29728 -- Prevented session resaving if CSRF cookie is unchanged.Michal Čihař
2018-05-04Fixed #26688 -- Fixed HTTP request logging inconsistencies.Samir Shah
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
2018-02-14Fixed #28693 -- Fixed crash in CsrfViewMiddleware when an HTTPS request has a...Tomer Chachamu
2017-09-20Fixed #28488 -- Reallowed error handlers to access CSRF tokens.Florian Apolloner
2017-03-04Refs #27656 -- Updated remaining docstring verbs according to PEP 257.Anton Samarchyan
2017-01-30Refs #23919 -- Assumed request COOKIES and META are strClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-30Refs #16859 -- Allowed storing CSRF tokens in sessions.Raphael Michel
2016-06-04Fixed #26628 -- Changed CSRF logger to django.security.csrf.Holly Becker
2016-05-19Fixed some newlines in imports per isort.Tim Graham
2016-05-19Fixed #20869 -- made CSRF tokens change every request by salt-encrypting themShai Berger
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 21:02:26 +0000