path: root/tests/csrf_tests/tests.py
Commit message | Author | Age | Files | Lines
...
* Used double quotation marks for csrf form element. | CHI Cheng | 2018-05-03 | 1 | -1/+1
* Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | 2018-04-13 | 1 | -0/+8
  Thanks Alex Gaynor for contributing to the patch.
* Fixed #28693 -- Fixed crash in CsrfViewMiddleware when an HTTPS request has an invalid host. | Tomer Chachamu | 2018-02-14 | 1 | -0/+13
* Fixed #28488 -- Reallowed error handlers to access CSRF tokens. | Florian Apolloner | 2017-09-20 | 1 | -1/+36
  Regression in eef95ea96faef0b7dbbe0c8092202b74f68a899b.
* Initialized CsrfViewMiddleware once in csrf_tests. | Florian Apolloner | 2017-09-20 | 1 | -53/+54
* Refs #23919 -- Assumed request COOKIES and META are str | Claude Paroz | 2017-01-30 | 1 | -22/+2
* Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | 2017-01-25 | 1 | -2/+2
* Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | 2017-01-19 | 1 | -1/+1
* Refs #23919 -- Removed six.<various>_types usage | Claude Paroz | 2017-01-18 | 1 | -2/+1
  Thanks Tim Graham and Simon Charette for the reviews.
* Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | 2017-01-18 | 1 | -3/+0
* Moved csrf_tests views to a separate file. | Tim Graham | 2016-11-30 | 1 | -68/+13
* Refs #16859 -- Allowed storing CSRF tokens in sessions. | Raphael Michel | 2016-11-30 | 1 | -189/+304
  Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review.
* Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | 2016-11-10 | 1 | -19/+18
* Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. | Tim Graham | 2016-11-01 | 1 | -1/+1
  This is a security fix.
* Fixed #26747 -- Used more specific assertions in the Django test suite. | Jon Dufresne | 2016-06-16 | 1 | -4/+4
* Fixed #26628 -- Changed CSRF logger to django.security.csrf. | Holly Becker | 2016-06-04 | 1 | -14/+25
* Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them | Shai Berger | 2016-05-19 | 1 | -9/+91
  Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag).
  While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones).
  Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews.
* Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True). | chemary | 2016-01-20 | 1 | -0/+17
* Fixed many spelling mistakes in code, comments, and docs. | Josh Soref | 2015-12-03 | 1 | -1/+1
* Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. | Matt Robenolt | 2015-09-16 | 1 | -13/+92
  Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews.
* Cleaned up docstrings in csrf_tests/tests.py. | Joshua Kehn | 2015-09-05 | 1 | -15/+13
* Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS. | Joshua Kehn | 2015-09-05 | 1 | -0/+13
  Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other domains that are included during the CSRF Referer header verification for secure (HTTPS) requests.
* Refs #24652 -- Used SimpleTestCase where appropriate. | Simon Charette | 2015-05-20 | 1 | -2/+2
* Fixed #24696 -- Made CSRF_COOKIE computation lazy. | Jay Cox | 2015-05-02 | 1 | -3/+10
  Only compute the CSRF_COOKIE when it is actually used. This is a significant speedup for clients not using cookies.
  Changed result of the “test_token_node_no_csrf_cookie” test: It gets a valid CSRF token now which seems like the correct behavior.
  Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to use get_token() to trigger CSRF cookie inclusion instead of changing request.META["CSRF_COOKIE_USED"] directly.
* Fixed #21495 -- Added settings.CSRF_HEADER_NAME | Grzegorz Slusarek | 2015-03-05 | 1 | -0/+10
* Sorted imports with isort; refs #23860. | Tim Graham | 2015-02-06 | 1 | -2/+5
* Used None-related assertions in CSRF tests | Claude Paroz | 2015-01-06 | 1 | -11/+11
  Thanks Markus Holtermann for spotting this.
* Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware | Claude Paroz | 2015-01-06 | 1 | -0/+5
  Thanks codeitloadit for the report, living180 for investigations and Tim Graham for the review.
* Moved context_processors from django.core to django.template. | Aymeric Augustin | 2014-12-28 | 1 | -1/+1
* Fixed #23620 -- Used more specific assertions in the Django test suite. | Berker Peksag | 2014-11-03 | 1 | -3/+3
* Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data. | Tim Graham | 2014-06-25 | 1 | -0/+41
  Thanks Walter Doekes.
* Fixed #22185 -- Added settings.CSRF_COOKIE_AGE | Roger Hu | 2014-03-06 | 1 | -0/+44
  Thanks Paul McMillan for the review.
* Imported override_settings from its new location. | Aymeric Augustin | 2013-12-23 | 1 | -2/+1
* PEP8 cleanup | Jason Myers | 2013-11-02 | 1 | -0/+5
  Signed-off-by: Jason Myers <jason@jasonamyers.com>
* Fix all violators of E231 | Alex Gaynor | 2013-10-26 | 1 | -3/+3
* Removed some more unused local vars | Alex Gaynor | 2013-09-08 | 1 | -1/+1
* Fixed #19436 -- Don't log warnings in ensure_csrf_cookie. | Olivier Sels | 2013-05-18 | 1 | -12/+39
* Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks. | Florian Apolloner | 2013-05-18 | 1 | -0/+13
  Thanks to edevil for the report and saz for the patch.
* Merged regressiontests and modeltests into the test root. | Florian Apolloner | 2013-02-26 | 1 | -0/+342