Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
21,744 Commits 26 Branches 382 Tags
Commit Graph

14 Commits

Author SHA1 Message Date
Luke Plant
b5c4972283 [1.9.x] Changed action="." to action="" in tests and docs. 
`action="."` strips query parameters from the URL which is not usually what
you want. Copy-paste coding of these examples could lead to difficult to
track down bugs or even data loss if the query parameter was meant to alter
the scope of a form's POST request.

Backport of 77974a684a2e874bccd8bd9e0939ddcb367a8ed2 from master
 2016-01-21 14:00:06 -05:00
Danilo Bargen
577ec6fcd1 [1.9.x] Added docs about configuring CSRF support in AngularJS. 
Backport of 6a4f13de27e2c46b6e516a01ba77fd4fe03d9dbe from master
 2016-01-15 10:16:57 -05:00
Tim Graham
d162b0bcd8 [1.9.x] Fixed #25969 -- Replaced render_to_response() with render() in docs examples. 
Backport of 4d83b0163e15f8352fd17fa121e929842ff2b686 from master
 2015-12-23 10:50:55 -05:00
Jon Dufresne
bf76cf07e0 [1.9.x] Fixed #25778 -- Updated docs links to use https when available. 
Backport of 7aabd6238028f4bb78d0687bbccc97bcf634e28b from master
 2015-12-01 08:03:16 -05:00
Agnieszka Lasyk
b3389956c9 [1.9.x] Fixed #25755 -- Unified spelling of "website". 
Backport of 1f8dad69158a96d0649d321ce08ecc9c0465f962 from master
 2015-11-16 06:44:46 -05:00
Matt Robenolt
b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. 
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
 2015-09-16 12:21:50 -04:00
Joshua Kehn
ab26b65b2f Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS. 
Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other
domains that are included during the CSRF Referer header verification
for secure (HTTPS) requests.
 2015-09-05 09:19:57 -04:00
Marc
f9de197268 Recommended the JavaScript Cookie library instead of jQuery cookie. 
jQuery cookie is no longer maintained in favor of the JavaScript
cookie library. This also removes the jQuery dependency.
 2015-08-19 10:04:01 -04:00
Dave Hodder
08c980d752 Updated capitalization in the word "JavaScript" for consistency 2015-05-01 13:26:42 -04:00
Grzegorz Slusarek
668d53cd12 Fixed #21495 -- Added settings.CSRF_HEADER_NAME 2015-03-05 15:03:40 -05:00
Aymeric Augustin
9eb4f28e89 Deprecated TEMPLATE_CONTEXT_PROCESSORS. 2014-12-28 17:02:31 +01:00
Aymeric Augustin
92e8f1f302 Moved context_processors from django.core to django.template. 2014-12-28 17:00:07 +01:00
Fabio Natali
fa680ce1e2 Fixed #23825 -- Added links for decorating class-based views to the CSRF docs. 2014-11-15 19:33:39 +01:00
Thomas Chaumeny
d3db878e4b Moved CSRF docs out of contrib. 2014-11-03 07:47:39 -05:00