| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | 2023-02-01 | 1 | -1/+0 |
| | Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | | | | |
* | Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline. | Mariusz Felisiak | 2023-01-17 | 1 | -30/+0 |
* | Fixed #33567 -- Avoided setting default text/html content type on responses. | Claude Paroz | 2022-03-09 | 1 | -0/+1 |
* | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | 2022-02-07 | 2 | -3/+9 |
* | Refs #33476 -- Reformatted code with Black. | django-bot | 2022-02-07 | 4 | -270/+354 |
* | Refs #32800 -- Renamed _sanitize_token() to _check_token_format(). | Chris Jerdonek | 2021-11-29 | 1 | -5/+5 |
* | Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret. | Chris Jerdonek | 2021-11-29 | 2 | -81/+108 |
| | This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instances of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | | | | |
* | Refs #32800 -- Avoided use of _does_token_match() in some CSRF tests. | Chris Jerdonek | 2021-11-16 | 2 | -7/+9 |
* | Refs #32800 -- Added CSRF tests for masked and unmasked secrets during GET. | Chris Jerdonek | 2021-11-16 | 1 | -0/+17 |
* | Refs #32800 -- Added test_masked_secret_accepted_and_not_replaced(). | Chris Jerdonek | 2021-08-17 | 1 | -2/+17 |
| | This improves test_bare_secret_accepted_and_replaced() by adding a stronger assertion. It also adds a parallel test for the non-bare (masked) case. | | | | |
* | Refs #32800 -- Improved CsrfViewMiddlewareTestMixin._check_token_present(). | Chris Jerdonek | 2021-08-17 | 1 | -23/+33 |
| | This changes CsrfViewMiddlewareTestMixin._check_token_present() to give more detailed information if the check fails, and in particular why it failed. It also moves CsrfFunctionTests.assertMaskedSecretCorrect() to a separate CsrfFunctionTestMixin so the helper can be used in CsrfViewMiddlewareTestMixin. | | | | |
* | Refs #32800 -- Used the cookie argument to CsrfViewMiddlewareTestMixin._get_request() in more tests. | Chris Jerdonek | 2021-08-17 | 1 | -6/+3 |
* | Refs #32800 -- Added tests of more CSRF functions. | Chris Jerdonek | 2021-08-03 | 1 | -2/+72 |
* | Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match(). | Chris Jerdonek | 2021-08-03 | 2 | -5/+5 |
* | Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError. | Virtosu Bogdan | 2021-07-23 | 1 | -5/+17 |
| | Thanks Chris Jerdonek for the review. | | | | |
* | Refs #32329 -- Allowed specifying request class in csrf_tests test hooks. | Virtosu Bogdan | 2021-07-23 | 1 | -43/+39 |
* | Refs #32902 -- Moved ensure_csrf_cookie_view after protected_view. | Chris Jerdonek | 2021-07-23 | 1 | -6/+5 |
* | Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset logic. | Chris Jerdonek | 2021-07-23 | 2 | -2/+40 |
| | Thanks Florian Apolloner and Shai Berger for reviews. | | | | |
* | Refs #32902 -- Added CSRF test when rotate_token() is called between resetting the token and processing response. | Chris Jerdonek | 2021-07-23 | 2 | -6/+97 |
* | Refs #32885 -- Used _read_csrf_cookie()/_set_csrf_cookie() in more CSRF tests. | Chris Jerdonek | 2021-06-30 | 1 | -18/+22 |
* | Fixed #32885 -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin. | Chris Jerdonek | 2021-06-30 | 1 | -21/+31 |
* | Refs #32843 -- Added CsrfViewMiddlewareTestMixin._get_csrf_cookie_request() hook. | Chris Jerdonek | 2021-06-29 | 1 | -24/+25 |
* | Refs #32843 -- Added method/cookie arguments to CsrfViewMiddlewareTestMixin._get_request(). | Chris Jerdonek | 2021-06-29 | 1 | -36/+27 |
| | This also removes unnecessary test hooks. | | | | |
* | Refs #32843 -- Moved _get_GET_csrf_cookie_request() to CsrfViewMiddlewareTestMixin. | Chris Jerdonek | 2021-06-29 | 1 | -13/+11 |
* | Fixed #32843 -- Ensured the CSRF tests' _get_GET_csrf_cookie_request() sets the request method. | Chris Jerdonek | 2021-06-29 | 1 | -3/+6 |
* | Refs #32800 -- Added CsrfViewMiddleware tests for all combinations of masked/unmasked cookies and tokens. | Chris Jerdonek | 2021-06-28 | 1 | -0/+50 |
* | Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different. | Chris Jerdonek | 2021-06-28 | 1 | -9/+9 |
| | This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token. | | | | |
* | Refs #32800 -- Eliminated the need for separate _get_POST_bare_secret() methods. | Chris Jerdonek | 2021-06-28 | 1 | -19/+4 |
* | Refs #32800 -- Added to csrf_tests/tests.py the unmasked version of the secret. | Chris Jerdonek | 2021-06-28 | 1 | -6/+58 |
| | This also adds tests that the secret is correct, and updates existing tests to use the value. | | | | |
* | Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages. | Chris Jerdonek | 2021-06-23 | 1 | -7/+22 |
* | Refs #32817 -- Added tests for bad CSRF token provided via X-CSRFToken or custom header. | Chris Jerdonek | 2021-06-23 | 1 | -9/+35 |
* | Refs #32817 -- Added post_token/meta_token/token_header arguments to _get_POST_csrf_cookie_request(). | Chris Jerdonek | 2021-06-23 | 1 | -22/+27 |
* | Refs #32817 -- Combined the bad-or-missing CSRF token tests. | Chris Jerdonek | 2021-06-23 | 1 | -24/+11 |
* | Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. | Chris Jerdonek | 2021-06-01 | 1 | -2/+2 |
* | Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens. | Chris Jerdonek | 2021-06-01 | 1 | -14/+42 |
* | Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. | Chris Jerdonek | 2021-05-31 | 1 | -8/+11 |
* | Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens. | Chris Jerdonek | 2021-05-31 | 1 | -11/+41 |
| | This also improves test names for test_process_request_no_csrf_cookie and test_process_request_csrf_cookie_no_token. The logic being tested is actually in process_view() rather than process_request(), and it's not necessary to include the method name. | | | | |
* | Fixed #32596 -- Added CsrfViewMiddleware._check_referer(). | Chris Jerdonek | 2021-05-28 | 1 | -1/+25 |
| | This encapsulates CsrfViewMiddleware's referer logic into a method and updates existing tests to check the "seam" introduced by the refactor, when doing so would improve the test. | | | | |
* | Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic. | Chris Jerdonek | 2021-05-27 | 1 | -0/+28 |
* | Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host. | Chris Jerdonek | 2021-03-25 | 1 | -0/+9 |
* | Made CsrfViewMiddlewareTestMixin._get_GET_no_csrf_cookie_request() return GET requests. | Mariusz Felisiak | 2021-03-22 | 1 | -2/+4 |
* | Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header. | Adam Donaghy | 2021-03-19 | 1 | -0/+6 |
* | Fixed #16010 -- Added Origin header checking to CSRF middleware. | Tim Graham | 2021-03-18 | 1 | -1/+149 |
| | Thanks David Benjamin for the original patch, and Florian Apolloner, Chris Jerdonek, and Adam Johnson for reviews. | | | | |
* | Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. | Tim Graham | 2021-03-18 | 1 | -2/+2 |
* | Refs #21429 -- Added SimpleTestCase.assertNoLogs() on Python < 3.10. | François Freitag | 2021-03-02 | 1 | -4/+3 |
* | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | 2020-05-11 | 1 | -1/+1 |
| | The method has been available since Python 3.6. The shorter syntax is also marginally faster. | | | | |
* | Fixed #31291 -- Renamed salt to mask for CSRF tokens. | Ram Rachum | 2020-02-25 | 2 | -2/+2 |
* | Refs #26601 -- Deprecated passing None as get_response arg to middleware classes. | Claude Paroz | 2020-02-18 | 1 | -124/+145 |
| | This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | | | | |
* | Dropped obsolete mimetype kwarg in csrf test view | Claude Paroz | 2019-09-21 | 1 | -1/+1 |
* | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | 2019-01-28 | 1 | -4/+4 |
| | Used more specific errors (e.g. FileExistsError) as appropriate. | | | | |