Arthur de Jong

Open Source / Free Software developer

path: root/django/middleware
Commit message | Author | Age | Files | Lines
* Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. | Matt Robenolt | 2015-09-16 | 1 | -6/+29
  Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews.
* Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS. | Joshua Kehn | 2015-09-05 | 1 | -4/+9
  Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other domains that are included during the CSRF Referer header verification for secure (HTTPS) requests.
* Fixed #25302 -- Prevented BrokenLinkEmailsMiddleware from reporting 404s when Referer = URL. | Maxime Lorant | 2015-08-25 | 1 | -3/+10
* Fixed #24935 -- Refactored common conditional GET handling. | Denis Cornehl | 2015-08-15 | 2 | -36/+21
* Updated Wikipedia links to use https | Claude Paroz | 2015-08-08 | 1 | -1/+1
* Fixed #24720 -- Avoided resolving URLs that don't end in a slash twice in CommonMiddleware. | Jay Cox | 2015-07-31 | 1 | -32/+53
  This speeds up affected requests by about 5%.
* Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response | sujayskumar | 2015-06-27 | 1 | -7/+2
* Removed unnecessary arguments in .get method calls | Piotr Jakimiak | 2015-05-13 | 2 | -3/+3
* Fixed #24696 -- Made CSRF_COOKIE computation lazy. | Jay Cox | 2015-05-03 | 1 | -11/+4
  Only compute the CSRF_COOKIE when it is actually used. This is a significant speedup for clients not using cookies.
  Changed result of the “test_token_node_no_csrf_cookie” test: It gets a valid CSRF token now which seems like the correct behavior.
  Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to use get_token() to trigger CSRF cookie inclusion instead of changing request.META["CSRF_COOKIE_USED"] directly.
* Fixed #24681 -- Removed Unicode bug in BrokenLinkEmailMiddleware | Oliver A Bristow | 2015-04-21 | 1 | -1/+1
* Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set. | Bas Peschier | 2015-03-26 | 2 | -23/+12
  This introduces a force_append_slash argument for request.get_full_path() which is used by RedirectFallbackMiddleware and CommonMiddleware when handling redirects for settings.APPEND_SLASH.
* Fixed #23960 -- Removed http.fix_location_header | Claude Paroz | 2015-03-18 | 2 | -11/+7
  Thanks Carl Meyer for the report and Tim Graham for the review.
* Fixed #21495 -- Added settings.CSRF_HEADER_NAME | Grzegorz Slusarek | 2015-03-05 | 1 | -1/+1
* Fixed #24360 -- Delayed internal LocaleMiddleware variable initialization | Claude Paroz | 2015-03-02 | 1 | -12/+9
  Failing in a middleware `__init__` is preventing proper debug view.
* Sorted imports with isort; refs #23860. | Tim Graham | 2015-02-06 | 5 | -13/+14
* Removed UpdateCacheMiddleware._session_accessed() | Tim Graham | 2015-02-02 | 1 | -6/+0
  This method is unused since f567d04b249913db4a37adab8ba521cdc974d423
* Fixed #24145 -- Added PUT & PATCH to CommonMiddleware APPEND_SLASH redirect error. | Samuel Colvin | 2015-01-29 | 1 | -5/+5
* Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware | Claude Paroz | 2015-01-06 | 1 | -1/+5
  Thanks codeitloadit for the report, living180 for investigations and Tim Graham for the review.
* Fixed #23531 -- Added CommonMiddleware.response_redirect_class. | Berker Peksag | 2014-11-04 | 1 | -1/+6
* Fixed #17101 -- Integrated django-secure and added check --deploy option | Tim Graham | 2014-09-12 | 1 | -0/+43
  Thanks Carl Meyer for django-secure and for reviewing.
  Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and Jorge Carleitao for reviews.
* Fixed #21579 -- Made LocaleMiddleware respect script prefix. | Tim Graham | 2014-08-14 | 1 | -4/+13
  Thanks buettgenbach at datacollect.com for the report and patch.
* Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data. | Tim Graham | 2014-06-25 | 1 | -1/+9
  Thanks Walter Doekes.
* Fixed #22440 -- Updated ConditionalGetMiddleware to comply with RFC 2616. | Mark Lavin | 2014-06-14 | 1 | -2/+7
* Fixed #17552 -- Removed a hack for IE6 and earlier. | Aymeric Augustin | 2014-06-10 | 1 | -7/+1
  It prevented the GZipMiddleware from compressing some data types even on more recent versions of IE where the corresponding bug was fixed.
  Thanks Aaron Cannon for the report and Tim Graham for the review.
* Fixed several typos in Django | Alex Gaynor | 2014-05-29 | 1 | -1/+1
* Prevented leaking the CSRF token through caching. | Aymeric Augustin | 2014-04-22 | 1 | -1/+9
  This is a security fix. Disclosure will follow shortly.
* Corrected many style guide violations that the newest version of flake8 catches | Alex Gaynor | 2014-03-30 | 1 | -1/+1
* Removed django.middleware.doc. Refs #20126. | Aymeric Augustin | 2014-03-21 | 1 | -9/+0
  Small doc changes missed in 66076268.
* Removed legacy transaction management per the deprecation timeline. | Aymeric Augustin | 2014-03-21 | 1 | -58/+0
* Removed settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY per deprecation timeline. | Tim Graham | 2014-03-21 | 1 | -25/+2
  refs #15201.
* Removed settings.SEND_BROKEN_LINK_EMAILS per deprecation timeline. | Tim Graham | 2014-03-21 | 1 | -8/+0
* Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings | Claude Paroz | 2014-03-08 | 4 | -4/+10
  Thanks Anssi Kääriäinen for the idea and Simon Charette for the review.
* Fixed #22185 -- Added settings.CSRF_COOKIE_AGE | Roger Hu | 2014-03-06 | 1 | -1/+1
  Thanks Paul McMillan for the review.
* Fixed #21389 -- Accept most valid language codes | Bouke Haarsma | 2014-02-26 | 1 | -6/+1
  By removing the 'supported' keyword from the detection methods and only relying on a cached settings.LANGUAGES, the speed of said methods has been improved; around 4x raw performance.
  This allows us to stop checking Python's incomplete list of locales, and rely on a less restrictive regular expression for accepting certain locales.
  HTTP Accept-Language is defined as being case-insensitive, based on this fact extra performance improvements have been made; it wouldn't make sense to check for case differences.
* Fixed #21473 -- Limited language preservation to logout | Ludwik Trammer | 2013-12-12 | 1 | -10/+0
  Current language is no longer saved to session by LocaleMiddleware on every response (the behavior introduced in #14825). Instead language stored in session is reintroduced into new session after logout.
  Forward port of c558a43fd6 to master.
* Fixed E125 pep8 warnings | Christopher Medrela | 2013-11-28 | 1 | -1/+1
* Fixed #21012 -- New API to access cache backends. | Curtis Maloney | 2013-11-23 | 1 | -28/+20
  Thanks Curtis Maloney and Florian Apolloner.
  Squashed commit of the following:
  commit 3380495e93f5e81b80a251b03ddb0a80b17685f5
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 14:18:07 2013 +0100
      Looked up the template_fragments cache at runtime.
  commit 905a74f52b24a198f802520ff06290a94dedc687
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 14:19:48 2013 +0100
      Removed all uses of create_cache.
      Refactored the cache tests significantly.
      Made it safe to override the CACHES setting.
  commit 35e289fe9285feffed3c60657af9279a6a2cfccc
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 12:23:57 2013 +0100
      Removed create_cache function.
  commit 8e274f747a1f1c0c0e6c37873e29067f7fa022e8
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 12:04:52 2013 +0100
      Updated docs to describe a simplified cache backend API.
  commit ee7eb0f73e6d4699edcf5d357dce715224525cf6
  Author: Curtis Maloney <curtis@tinbrain.net>
  Date: Sat Oct 19 09:49:24 2013 +1100
      Fixed #21012 -- Thread-local caches, like databases.
* Fixed flake8 E251 violations | Milton Mazzarri | 2013-11-03 | 1 | -1/+1
* Fixed all E261 warnings | coagulant | 2013-11-02 | 1 | -3/+3
* More attacking E302 violators | Alex Gaynor | 2013-11-02 | 6 | -0/+7
* Fixed #21302 -- Fixed unused imports and import *. | Tim Graham | 2013-11-02 | 1 | -1/+1
* Fixed #21324 -- Translate CSRF failure view | Bouke Haarsma | 2013-11-02 | 1 | -3/+2
  Thanks to Claude Paroz for the original patch.
* Fixed #5789 -- Changed LocaleMiddleware session variable to '_language'. | Bouke Haarsma | 2013-10-22 | 1 | -2/+8
  The old 'django_language' variable will still be read from in order to migrate users. The backwards-compatibility shim will be removed in Django 1.8.
  Thanks to jdunck for the report and stugots for the initial patch.
* Fixed #21288 -- Fixed E126 pep8 warnings | Alasdair Nicol | 2013-10-21 | 1 | -1/+1
* Fixed bug causing CSRF token not to rotate on login. | Tim Graham | 2013-10-18 | 1 | -1/+4
  Thanks Gavin McQuillan for the report.
* Fixed #7603 -- Added a 'scheme' property to the HttpRequest object | Unai Zalakain | 2013-10-15 | 2 | -3/+3
  `HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is appropriately set and falls back to `HttpRequest._get_scheme()` (a hook for subclasses to implement) otherwise.
  `WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI environ variable to determine the request scheme.
  `HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is `https`.
  This provides a way to check the current scheme in templates, for example. It also allows us to deal with other schemes.
  Thanks nslater for the suggestion.
* Used "is" for comparisons with None. | Tim Graham | 2013-10-10 | 1 | -1/+1
* Fixed #19277 -- Added LocaleMiddleware.response_redirect_class | Emil Stenström | 2013-10-03 | 1 | -1/+2
  Thanks ppetrid at yawd.eu for the suggestion.
* Deprecated SortedDict (replaced with collections.OrderedDict) | Curtis Maloney | 2013-08-04 | 1 | -2/+3
  Thanks Loic Bistuer for the review.
* Advanced deprecation warnings for Django 1.7. | Aymeric Augustin | 2013-06-29 | 4 | -4/+4