 Shai Berger
|
5112e65ef2
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
|
9 anni fa |
|
Florian Apolloner
|
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
|
9 anni fa |
|
Vasiliy Faronov
|
ac77c55bc5
Fixed #26567 -- Updated references to obsolete RFC2616.
|
9 anni fa |
|
Tim Graham
|
df8d8d4292
Fixed E128 flake8 warnings in django/.
|
9 anni fa |
|
chemary
|
2d28144c95
Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True).
|
9 anni fa |
|
Marten Kenbeek
|
16411b8400
Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
|
9 anni fa |
|
Matt Robenolt
|
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
|
10 anni fa |
|
Joshua Kehn
|
ab26b65b2f
Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.
|
9 anni fa |
|
Jay Cox
|
eef95ea96f
Fixed #24696 -- Made CSRF_COOKIE computation lazy.
|
10 anni fa |
|
Grzegorz Slusarek
|
668d53cd12
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
|
10 anni fa |
|
Tim Graham
|
0ed7d15563
Sorted imports with isort; refs #23860.
|
10 anni fa |
|
Claude Paroz
|
27dd7e7271
Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
|
10 anni fa |
|
Tim Graham
|
815e7a5721
Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data.
|
10 anni fa |
|
Roger Hu
|
9b729ddd8f
Fixed #22185 -- Added settings.CSRF_COOKIE_AGE
|
11 anni fa |
|
Milton Mazzarri
|
cbc7cbbc5b
Fixed flake8 E251 violations
|
11 anni fa |
|
Alex Gaynor
|
7548aa8ffd
More attacking E302 violators
|
11 anni fa |
|
Bouke Haarsma
|
6107435386
Fixed #21324 -- Translate CSRF failure view
|
11 anni fa |
|
Tim Graham
|
ac4fec5ca2
Fixed bug causing CSRF token not to rotate on login.
|
11 anni fa |
|
Aymeric Augustin
|
ffcf24c9ce
Removed several unused imports.
|
11 anni fa |
|
Andrew Godwin
|
1514f17aa6
Rotate CSRF token on login
|
12 anni fa |
|
Olivier Sels
|
63a9555d57
Fixed #19436 -- Don't log warnings in ensure_csrf_cookie.
|
12 anni fa |
|
Aymeric Augustin
|
720888a146
Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
|
12 anni fa |
|
Tim Graham
|
ee26797cff
Fixed typos in docs and comments
|
12 anni fa |
|
Claude Paroz
|
26ff2be787
Imported getLogger directly from logging module
|
12 anni fa |
|
Collin Anderson
|
f416ea9c8d
fixed rfc comment typo in middleware/csrf.py
|
12 anni fa |
|
Claude Paroz
|
d774ad752d
[py3] Made csrf context processor return Unicode
|
12 anni fa |
|
Adrian Holovaty
|
7981efe04f
Documentation (and some small source code) edits from [17432] - [17537]
|
13 anni fa |
|
Paul McMillan
|
a77679dfaa
Fixes #16827. Adds a length check to CSRF tokens before applying the santizing regex. Thanks to jedie for the report and zsiciarz for the initial patch.
|
13 anni fa |
|
Jannis Leidel
|
f0a1633425
Fixed #17358 -- Updated logging calls to use official syntax for arguments instead of string interpolation. Thanks, spulec.
|
13 anni fa |
|
Luke Plant
|
cb060f0f34
Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
|
14 anni fa |
