| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Fixed #24496 -- Added CSRF Referer checking against ↵ | Matt Robenolt | 2015-09-16 | 1 | -13/+92 |
| | | | | | | | | CSRF_COOKIE_DOMAIN. Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews. | ||||
| * | Cleaned up docstrings in csrf_tests/tests.py. | Joshua Kehn | 2015-09-05 | 1 | -15/+13 |
| | | |||||
| * | Fixed #25334 -- Provided a way to allow cross-origin ↵ | Joshua Kehn | 2015-09-05 | 1 | -0/+13 |
| | | | | | | | | | unsafe requests over HTTPS. Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other domains that are included during the CSRF Referer header verification for secure (HTTPS) requests. | ||||
| * | Fixed #24836 -- Made force_text() resolve lazy objects. | Tim Graham | 2015-05-27 | 1 | -0/+15 |
| | | |||||
| * | Refs #24652 -- Used SimpleTestCase where appropriate. | Simon Charette | 2015-05-20 | 1 | -2/+2 |
| | | |||||
| * | Fixed #24696 -- Made CSRF_COOKIE computation lazy. | Jay Cox | 2015-05-03 | 1 | -3/+10 |
| | | | | | | | | | | | | | Only compute the CSRF_COOKIE when it is actually used. This is a significant speedup for clients not using cookies. Changed result of the “test_token_node_no_csrf_cookie” test: It gets a valid CSRF token now which seems like the correct behavior. Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to use get_token() to trigger CSRF cookie inclusion instead of changing request.META["CSRF_COOKIE_USED"] directly. | ||||
| * | Fixed #21495 -- Added settings.CSRF_HEADER_NAME | Grzegorz Slusarek | 2015-03-05 | 1 | -0/+10 |
| | | |||||
| * | Sorted imports with isort; refs #23860. | Tim Graham | 2015-02-06 | 1 | -2/+5 |
| | | |||||
| * | Used None-related assertions in CSRF tests | Claude Paroz | 2015-01-06 | 1 | -11/+11 |
| | | | | | Thanks Markus Holtermann for spotting this. | ||||
| * | Fixed #23815 -- Prevented UnicodeDecodeError in CSRF ↵ | Claude Paroz | 2015-01-06 | 1 | -0/+5 |
| | | | | | | | | middleware Thanks codeitloadit for the report, living180 for investigations and Tim Graham for the review. | ||||
| * | Moved context_processors from django.core to ↵ | Aymeric Augustin | 2014-12-28 | 1 | -1/+1 |
| | | | | | django.template. | ||||
| * | Fixed #23620 -- Used more specific assertions in the ↵ | Berker Peksag | 2014-11-03 | 1 | -3/+3 |
| | | | | | Django test suite. | ||||
| * | Fixed #20128 -- Made CsrfViewMiddleware ignore IOError ↵ | Tim Graham | 2014-06-25 | 1 | -0/+41 |
| | | | | | | | when reading POST data. Thanks Walter Doekes. | ||||
| * | Fixed #22185 -- Added settings.CSRF_COOKIE_AGE | Roger Hu | 2014-03-06 | 1 | -0/+44 |
| | | | | | Thanks Paul McMillan for the review. | ||||
| * | Imported override_settings from its new location. | Aymeric Augustin | 2013-12-23 | 1 | -2/+1 |
| | | |||||
| * | Removed superfluous models.py files. | Aymeric Augustin | 2013-12-17 | 1 | -1/+0 |
| | | | | | | | | Added comments in the three empty models.py files that are still needed. Adjusted the test runner to add applications corresponding to test labels to INSTALLED_APPS even when they don't have a models module. | ||||
| * | PEP8 cleanup | Jason Myers | 2013-11-03 | 1 | -0/+5 |
| | | | | | Signed-off-by: Jason Myers <jason@jasonamyers.com> | ||||
| * | Fix all violators of E231 | Alex Gaynor | 2013-10-26 | 1 | -3/+3 |
| | | |||||
| * | Removed some more unused local vars | Alex Gaynor | 2013-09-08 | 1 | -1/+1 |
| | | |||||
| * | Fixed #19436 -- Don't log warnings in ensure_csrf_cookie. | Olivier Sels | 2013-05-18 | 1 | -12/+39 |
| | | |||||
| * | Fixed #20411 -- Don't let invalid referers blow up CSRF ↵ | Florian Apolloner | 2013-05-18 | 1 | -0/+13 |
| | | | | | | | same origin checks. Thanks to edevil for the report and saz for the patch. | ||||
| * | Merged regressiontests and modeltests into the test root. | Florian Apolloner | 2013-02-26 | 3 | -0/+343 |