summaryrefslogtreecommitdiff
path: root/django/middleware
AgeCommit message (Collapse)Author
2021-01-14Refs #26601 -- Made get_response argument required and don't accept None in ↵Mariusz Felisiak
middleware classes. Per deprecation timeline.
2020-10-28Made small readability improvements.Martin Thoma
2020-10-22Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.Carlton Gibson
2020-09-14Fixed #31789 -- Added a new headers interface to HttpResponse.Tom Carrick
2020-08-28Fixed #31928 -- Fixed detecting an async get_response in various middlewares.Kevin Michel
SecurityMiddleware and the three cache middlewares were not calling super().__init__() during their initialization or calling the required MiddlewareMixin._async_check() method. This made the middlewares not properly present as coroutine and confused the middleware chain when used in a fully async context. Thanks Kordian Kowalski for the report.
2020-05-04Refs #30573 -- Rephrased "Of Course" and "Obvious(ly)" in documentation and ↵Adam Johnson
comments.
2020-02-26Fixed #28699 -- Fixed CSRF validation with remote user middleware.Colton Hicks
Ensured process_view() always accesses the CSRF token from the session or cookie, rather than the request, as rotate_token() may have been called by an authentication middleware during the process_request() phase.
2020-02-25Fixed #31291 -- Renamed salt to mask for CSRF tokens.Ram Rachum
2020-02-18Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵Claude Paroz
classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-01-16Fixed #30765 -- Made cache_page decorator take precedence over max-age ↵Flavio Curella
Cache-Control directive.
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2019-10-23Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting.Sergey Fedoseev
2019-09-09Fixed #29406 -- Added support for Referrer-Policy header.Nick Pope
Thanks to James Bennett for the initial implementation.
2019-09-09Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.Claude Paroz
2019-04-24Removed unnecessary assignments in various code.Jon Dufresne
2019-03-30Optimized CommonMiddleware's check for DISALLOWED_USER_AGENTS.Brad
Avoided getattribute + getitem for each DISALLOWED_USER_AGENTS.
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2018-10-30Capitalized SecurityMiddleware headers for consistency with other headers.Artur Juraszek
(No behavior change since HTTP headers are case insensitive.)
2018-09-08Fixed #29728 -- Prevented session resaving if CSRF cookie is unchanged.Michal Čihař
2018-08-01Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.Andreas Hug
2018-05-04Fixed #26688 -- Fixed HTTP request logging inconsistencies.Samir Shah
* Added logging of 500 responses for instantiated responses. * Added logging of all 4xx and 5xx responses.
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
Thanks Alex Gaynor for contributing to the patch.
2018-03-16Fixed hanging indentation in various code.Mariusz Felisiak
2018-02-14Fixed #28693 -- Fixed crash in CsrfViewMiddleware when an HTTPS request has ↵Tomer Chachamu
an invalid host.
2018-02-06Fixed #28833 -- Prevented CacheMiddleware from caching responses with ↵shanghui
"Cache-Control: private".
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2017-11-14Fixed #28795 -- Removed 'not in' checks and used dict.setdefault().Дилян Палаузов
2017-11-11Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.Tim Graham
Follow up to 48d57788ee56811fa77cd37b9edf40535f82d87e.
2017-09-22Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.Tim Graham
2017-09-20Fixed #28488 -- Reallowed error handlers to access CSRF tokens.Florian Apolloner
Regression in eef95ea96faef0b7dbbe0c8092202b74f68a899b.
2017-03-04Refs #27656 -- Updated remaining docstring verbs according to PEP 257.Anton Samarchyan
2017-02-27Imported django.http classes instead of django.http.Asif Saifuddin Auvi
2017-01-30Refs #23919 -- Assumed request COOKIES and META are strClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-30Refs #16859 -- Allowed storing CSRF tokens in sessions.Raphael Michel
Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-29Fixed #27402 -- Fixed incorrect LocaleMiddleware redirects with ↵Krzysztof Urbaniak
prefix_default_language=False.
2016-11-06Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a ↵Sven Engström
trailing slash.
2016-11-05Fixed #27346 -- Stopped setting the Content-Length header in ↵Adam Malinowski
ConditionalGetMiddleware.
2016-10-17Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests.Kevin Christopher Henry
2016-10-14Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.Tim Graham
2016-10-13Refs #19705 -- Made GZipMiddleware make ETags weak.Kevin Christopher Henry
Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression.
2016-10-10Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵Denis Cornehl
ConditionalGetMiddleware.
2016-09-14Fixed #27211 -- Made UpdateCacheMiddleware include caching headers for "304 ↵Rinat Khabibiev
Not Modified" responses.
2016-09-10Fixed #27083 -- Added support for weak ETags.Kevin Christopher Henry
2016-08-10Fixed #26947 -- Added an option to enable the HSTS header preload directive.Ed Morley
2016-07-15Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response ↵andrewnester
has Cache-Control: no-store.
2016-06-27Fixed #5897 -- Added the Content-Length response header in CommonMiddlewareClaude Paroz
Thanks Tim Graham for the review.
2016-06-17Refs #26601 -- Improved backwards-compatibility of DEP 5 middleware ↵Carl Meyer
exception handling.
2016-06-04Removed an unused logger in middleware/common.pyTim Graham
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 02:16:11 +0000