Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | 2023-02-01 | 1 | -2/+0 |
| | | | | | | | | Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | ||||
* | Refs #34074 -- Used headers argument for RequestFactory and Client in docs ↵ | David Wobrock | 2023-01-04 | 1 | -5/+6 |
| | | | | and tests. | ||||
* | Fixed #33735 -- Added async support to StreamingHttpResponse. | Carlton Gibson | 2022-12-22 | 1 | -0/+22 |
| | | | | | Thanks to Florian Vazelle for initial exploratory work, and to Nick Pope and Mariusz Felisiak for review. | ||||
* | Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. | Andreas Pelme | 2022-12-17 | 1 | -2/+38 |
| | |||||
* | Updated documentation and comments for RFC updates. | Nick Pope | 2022-11-10 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | ||||
* | Avoided assignment followed by immediate return. | Nick Pope | 2022-10-31 | 1 | -2/+1 |
| | | | | | | | | Identified using the following command: $ pcre2grep --line-number --multiline --recursive \ "(?s)(\n +)(\w+) = [^\n]+\1return \2;?$" \ django docs extras js_tests scripts tests | ||||
* | Fixed #33700 -- Skipped extra resolution for successful requests not ending ↵ | Anders Kaseorg | 2022-06-02 | 1 | -0/+10 |
| | | | | | | | | | | | | | | | | | | | with /. By moving a should_redirect_with_slash call out of an if block, commit 9390da7fb6e251eaa9a785692f987296cb14523f negated the performance fix of commit 434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (#24720). Meanwhile, the logging issue #26293 that it targeted was subsequently fixed more fully by commit 40b69607c751c4afa453edfd41d2ed155e58187e (#26504), so it is no longer needed. This effectively reverts it. This speeds up successful requests not ending with / when APPEND_SLASH is enabled (the default, and still useful in projects with a mix of URLs with and without trailing /). The amount of speedup varies from about 5% in a typical project to nearly 50% on a benchmark with many routes. Signed-off-by: Anders Kaseorg <andersk@mit.edu> | ||||
* | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | 2022-02-07 | 1 | -4/+6 |
| | |||||
* | Refs #33476 -- Reformatted code with Black. | django-bot | 2022-02-07 | 6 | -285/+362 |
| | |||||
* | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | 2021-07-29 | 1 | -4/+4 |
| | | | | appropriate. | ||||
* | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | 2021-04-30 | 1 | -28/+0 |
| | |||||
* | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | 2021-03-30 | 1 | -0/+39 |
| | | | | | | Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | ||||
* | Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. | Carlton Gibson | 2020-10-22 | 3 | -0/+28 |
| | |||||
* | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | 2020-09-14 | 2 | -43/+70 |
| | |||||
* | Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵ | Claude Paroz | 2020-02-18 | 2 | -219/+301 |
| | | | | | | | | | classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | ||||
* | Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses ↵ | Viktor Lomakin | 2019-10-10 | 1 | -0/+6 |
| | | | | with non-empty content. | ||||
* | Fixed #29406 -- Added support for Referrer-Policy header. | Nick Pope | 2019-09-09 | 1 | -0/+33 |
| | | | | Thanks to James Bennett for the initial implementation. | ||||
* | Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY. | Claude Paroz | 2019-09-09 | 1 | -2/+2 |
| | |||||
* | Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ↵ | Hasan Ramezani | 2019-07-02 | 1 | -1/+1 |
| | | | | ADMINS/MANAGERS is set incorrectly. | ||||
* | Corrected settings names in SecurityMiddleware tests. | Nick Pope | 2019-03-20 | 1 | -33/+26 |
| | |||||
* | Removed default empty content argument from HttpResponse calls. | Jon Dufresne | 2019-02-09 | 1 | -1/+1 |
| | |||||
* | Updated test URL patterns to use path() and re_path(). | Tim Graham | 2018-12-31 | 3 | -11/+11 |
| | |||||
* | Made reused RequestFactory instances class attributes. | Simon Charette | 2018-11-27 | 1 | -4/+6 |
| | |||||
* | Capitalized SecurityMiddleware headers for consistency with other headers. | Artur Juraszek | 2018-10-30 | 1 | -32/+32 |
| | | | | (No behavior change since HTTP headers are case insensitive.) | ||||
* | Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. | Andreas Hug | 2018-08-01 | 2 | -0/+21 |
| | |||||
* | Fixed hanging indentation in various code. | Mariusz Felisiak | 2018-03-16 | 1 | -1/+2 |
| | |||||
* | Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. | Tim Graham | 2017-09-22 | 1 | -57/+1 |
| | |||||
* | Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). | Tim Graham | 2017-02-09 | 1 | -1/+1 |
| | |||||
* | Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments. | Vytis Banaitis | 2017-02-01 | 1 | -10/+10 |
| | |||||
* | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | 2017-01-25 | 1 | -1/+1 |
| | |||||
* | Refs #23919 -- Removed unneeded force_str calls | Claude Paroz | 2017-01-20 | 1 | -2/+1 |
| | |||||
* | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | 2017-01-18 | 1 | -4/+5 |
| | | | | Thanks Tim Graham for the review. | ||||
* | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | 2017-01-18 | 1 | -19/+0 |
| | | | | Thanks Tim Graham for the review. | ||||
* | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | 2017-01-18 | 1 | -3/+0 |
| | |||||
* | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | 2016-11-10 | 1 | -2/+2 |
| | |||||
* | Fixed #26812 -- Fixed APPEND_SLASH on a URL including querystring with a ↵ | Sven Engström | 2016-11-06 | 1 | -0/+12 |
| | | | | trailing slash. | ||||
* | Fixed #27346 -- Stopped setting the Content-Length header in ↵ | Adam Malinowski | 2016-11-05 | 1 | -24/+0 |
| | | | | ConditionalGetMiddleware. | ||||
* | Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests. | Kevin Christopher Henry | 2016-10-17 | 1 | -0/+25 |
| | |||||
* | Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. | Tim Graham | 2016-10-14 | 1 | -7/+0 |
| | |||||
* | Refs #19705 -- Changed gzip modification times to 0. | Kevin Christopher Henry | 2016-10-14 | 1 | -0/+20 |
| | | | | | This makes gzip output deterministic, which allows ConditionalGetMiddleware to reliably compare ETags on gzipped content (views using the gzip_page() decorator in particular). | ||||
* | Refs #19705 -- Made GZipMiddleware make ETags weak. | Kevin Christopher Henry | 2016-10-13 | 1 | -13/+30 |
| | | | | | Django's conditional request processing can now produce 304 Not Modified responses for content that is subject to compression. | ||||
* | Fixed #19705 -- Set proper headers on conditional Not Modified responses. | Kevin Christopher Henry | 2016-10-12 | 1 | -0/+22 |
| | |||||
* | Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ↵ | Denis Cornehl | 2016-10-10 | 1 | -1/+35 |
| | | | | ConditionalGetMiddleware. | ||||
* | Fixed #27083 -- Added support for weak ETags. | Kevin Christopher Henry | 2016-09-10 | 1 | -5/+0 |
| | |||||
* | Fixed #26947 -- Added an option to enable the HSTS header preload directive. | Ed Morley | 2016-08-10 | 1 | -0/+31 |
| | |||||
* | Fixed docs to refer to HSTS includeSubdomains as a directive. | Ed Morley | 2016-08-08 | 1 | -2/+2 |
| | | | | | The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2 | ||||
* | Fixed a typo in tests/middleware/test_security.py | Tim Graham | 2016-07-28 | 1 | -1/+1 |
| | |||||
* | Fixed #26765 -- Made CommonMiddleware no longer set an ETag when response ↵ | andrewnester | 2016-07-15 | 1 | -0/+14 |
| | | | | has Cache-Control: no-store. | ||||
* | Fixed #5897 -- Added the Content-Length response header in CommonMiddleware | Claude Paroz | 2016-06-27 | 1 | -0/+24 |
| | | | | Thanks Tim Graham for the review. | ||||
* | Fixed #26747 -- Used more specific assertions in the Django test suite. | Jon Dufresne | 2016-06-16 | 2 | -9/+9 |
| |