418 Commits

Author SHA1 Message Date
Jon Dufresne
9f81af4be4 [2.2.x] Added a link to the file email backend from EMAIL_FILE_PATH setting.
Backport of c8debd50617142937191986aec77a5eee472c28e from master
2019-11-06 08:39:09 +01:00
René Fleschenberg
d4d37d0900 [2.2.x] Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.
Backport of d232fd76a85870daf345fd8f8d617fe7802ae194 from master
2019-10-11 16:07:38 +02:00
Ben Falk
1864d61d6c [2.2.x] Fixed typos in docs/ref/settings.txt.
Backport of 4056558a1c9cf650ab6e7cb1a319206d2e8c770f from master.
2019-09-13 20:38:44 +02:00
Carlton Gibson
77706a3e47 [2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-07-01 07:50:48 +02:00
Mykola Nicholas
d5d22e1090 [2.2.x] Changed charset and collation link to MySQL docs.
Backport of f3a03d5b61bbf6a47c9aaf8113cff5b1befbcbc5 from master
2019-06-11 11:17:23 +02:00
Mariusz Felisiak
de11488c52 [2.2.x] Fixed typo in docs/ref/settings.txt.
Backport of 4cbe2b06ce580423c62b6e49969f7e24d57d63b8 from master
2019-04-02 09:12:40 +02:00
Nick Pope
5237da3416 [2.2.x] Removed unnecessary /static from links to PostgreSQL docs.
Backport of 198a2a9381a415f76c3170753270f5087ce4475a from master.
2019-03-29 21:50:28 -04:00
Tim Graham
2fb602f581 [2.2.x] Used extlinks for Django's source code.
Backport of a68c029e224cebe540da7447dbbd27993b4aa793 from master.
2019-03-28 20:39:38 -04:00
Nick Pope
6ac921bab0 [2.2.x] Refs #1660 -- Doc'd the LANGUAGES_BIDI setting.
Backport of 07daa487aeb7d41d69d7d1cf9d4b3648e299e4ac from master
2019-03-28 21:58:19 +01:00
Nick Pope
d7876fc999 [2.2.x] Updated spelling and RFCs in HttpOnly cookie flag docs.
Backport of 398afba084679f1055926f6f91bd33fe124a92c5 from master.
2019-03-27 11:11:24 -04:00
Tim Graham
8eb913eabf [2.2.x] Simplified and corrected LOGIN_URL, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL docs.
Backport of b709d701303b3877387020c1558a590713b09853 from master.
2019-02-05 20:19:32 -05:00
Carlton Gibson
89d39dc1d7 [2.2.x] Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
Backport of bae66e759faee8513da4b11d3fd16b044b415bdb from master.
2019-01-30 13:12:43 -05:00
Tim Graham
4c7c608a1d Reverted "Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb."
This reverts commits b3b1d3d45fc066367f4fcacf0b06f72fcd00a9c6 and
9fa0d3786febf36c87ef059a39115aa1ce3326e8 due to reverse build failures
for which a solution isn't forthcoming.
2018-12-05 15:30:23 -05:00
Mariusz Felisiak
ff8020ed49 Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces. 2018-11-13 18:22:41 -05:00
romgar
b3b1d3d45f Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
Mayank Singhal
76b3367035 Fixed #29879 -- Added CSRF_COOKIE_HTTPONLY to CSRF AJAX docs. 2018-10-25 11:39:52 -04:00
Jon Dufresne
0cd465b63a Fixed #29817 -- Deprecated settings.FILE_CHARSET. 2018-10-15 17:15:41 -04:00
Kate Berry
b8b1d8cad6 Improved tone in docs/ref/settings.txt. 2018-10-04 11:35:19 -04:00
Jon Dufresne
82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Jon Dufresne
8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00
Claude Paroz
e8531cc89c Prevented unexpected link in settings docs 2018-06-10 15:11:39 +02:00
Tim Graham
5cc81cd9eb Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
This reverts commit b3cffde5559c4fa97625512d7ec41a674be26076 due to
a regression and performance concerns.
2018-05-26 21:06:58 -04:00
Tim Graham
7543ab1f8d Removed versionadded/changed annotations for 2.0. 2018-05-17 11:00:10 -04:00
Jon Dufresne
b3cffde555 Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set. 2018-04-17 13:02:05 -04:00
Alex Gaynor
9a56b4b13e Fixed #27863 -- Added support for the SameSite cookie flag.
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham
5b589a47b9 Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Ashaba
95fd5cf459 Fixed #28403 -- Added missing formats in FORMAT_MODULE_PATH docs. 2018-01-24 13:38:15 -05:00
Frédéric Massart
a5f1e5809f Clarified who the AdminEmailHandler emails. 2017-11-21 11:49:15 -05:00
Дилян Палаузов
6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tim Graham
afd375fc34 Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples. 2017-11-01 10:57:59 -04:00
Tim Graham
0edff2107f Refs #28248 -- Clarified the precision of PASSWORD_RESET_TIMEOUT_DAYS. 2017-10-12 14:58:18 -04:00
Jon Ribbens
44f08422c8 Fixed #28625 -- Distinguished DATABASES['TIME_ZONE'] from settings.TIME_ZONE. 2017-09-28 09:42:08 -04:00
Tim Graham
5446b72003 Removed versionadded/changed annotations for 1.11. 2017-09-22 12:51:18 -04:00
Tim Graham
48d57788ee Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline. 2017-09-22 12:51:18 -04:00
Tim Graham
c7d58c6f43 Fixed #28435 -- Removed inaccurate warning about SECURE_HSTS_PRELOAD. 2017-07-25 15:12:50 -04:00
Laura
e58c87cb70 Fixed #28336 -- Fixed typo in docs/ref/settings.txt. 2017-06-27 21:41:10 -04:00
Mariusz Felisiak
516b7664dc Fixed #28260 -- Allowed customizing the test tablespace initial and autoextend size on Oracle.
Thanks Tim Graham for the review.
2017-06-02 18:35:56 +02:00
François Freitag
88336fdbb5 Fixed #28062 -- Added a setting to disable server-side cursors on PostgreSQL.
When a connection pooler is set up in transaction pooling mode, queries
relying on server-side cursors fail. The DISABLE_SERVER_SIDE_CURSORS
setting in DATABASES disables server-side cursors for this use case.
2017-05-06 06:59:04 -04:00
Mariusz Felisiak
a3af8c99d9 Removed extra characters in docs header underlines. 2017-03-20 18:30:32 -04:00
Tim Graham
c577d8a498 Described DEBUG_PROPAGATE_EXCEPTIONS behavior in more detail. 2017-03-09 12:18:17 -05:00
Tim Graham
80493b0871 Fixed #27829 -- Deprecated settings.DEFAULT_CONTENT_TYPE. 2017-02-16 07:59:44 -05:00
Claude Paroz
c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
e27e4c0339 Removed versionadded/changed annotations for 1.10. 2017-01-17 20:52:05 -05:00
Tim Graham
d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Tim Graham
9e734875fe Fixed #24994 -- Documented the expected type of settings.SECRET_KEY. 2016-12-28 07:36:37 -05:00
Preston Timmons
b52c73008a Fixed #15667 -- Added template-based widget rendering.
Thanks Carl Meyer and Tim Graham for contributing to the patch.
2016-12-27 17:50:10 -05:00
Tim Graham
c27104a9c7 Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security. 2016-12-19 17:56:58 -05:00
Raphael Michel
ddf169cdac Refs #16859 -- Allowed storing CSRF tokens in sessions.
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
2016-11-30 08:57:27 -05:00
Ian Lee
501c993010 Fixed typo in docs/ref/settings.txt. 2016-11-11 07:01:48 -05:00
Tim Graham
7fe2d8d940 Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
This is a security fix.
2016-11-01 09:30:57 -04:00