| Age | Commit message | Author | |
|---|---|---|---|
| 2026-02-10 | Fixed #36903 -- Fixed further NameErrors when inspecting functions with deferred annotations. | 93578237 | |
| Provide a wrapper for safe introspection of user functions on Python 3.14+. Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04. | |||
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-06-27 | Fixed #15727 -- Added Content Security Policy (CSP) support. | Rob Hudson | |
| This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-07-11 | Refs #34695 -- Added tests for check for CSRF_FAILURE_VIEW signature with valid class-based view. | Mariusz Felisiak | |
| 2022-02-21 | Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2021-01-12 | Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code. | Hasan Ramezani | |
| 2021-01-12 | Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting. | Hasan Ramezani | |
| 2020-11-11 | Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys. | Artem Kosenko | |
| Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews. | |||
| 2020-03-21 | Normalized check framework test pattern. | Adam Johnson | |
| 2019-09-09 | Fixed #29406 -- Added support for Referrer-Policy header. | Nick Pope | |
| Thanks to James Bennett for the initial implementation. | |||
| 2019-08-05 | Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting. | Adnan Umer | |
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2017-12-28 | Removed unnecessary trailing commas and spaces in various code. | Mariusz Felisiak | |
| 2017-01-17 | Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. | Tim Graham | |
| 2016-12-19 | Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security. | Tim Graham | |
| 2016-12-17 | Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS. | Raphael Michel | |
| 2016-08-10 | Refs #26947 -- Added a deployment system check for SECURE_HSTS_PRELOAD. | Ed Morley | |
| 2016-05-17 | Fixed #26601 -- Improved middleware per DEP 0005. | Florian Apolloner | |
| Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP. | |||
| 2015-12-03 | Fixed many spelling mistakes in code, comments, and docs. | Josh Soref | |
| 2015-07-15 | Fixed #24966 -- Added deployment system check for empty ALLOWED_HOSTS. | rroskam | |
| 2015-05-20 | Refs #24652 -- Used SimpleTestCase where appropriate. | Simon Charette | |
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2014-09-12 | Fixed #17101 -- Integrated django-secure and added check --deploy option | Tim Graham | |
| Thanks Carl Meyer for django-secure and for reviewing. Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews. | |||
