Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.

Tim Graham 2021-01-12 19:55:02 -05:00 committed by Mariusz Felisiak
parent 9bf5e9418f
commit dba44a7a7a
8 changed files with 89 additions and 7 deletions

@ -307,6 +307,22 @@ Upstream support for Oracle 12.2 ends in March 2022 and for Oracle 18c it ends
in June 2021. Django 3.2 will be supported until April 2024. Django 4.0
officially supports Oracle 19c.
.. _csrf-trusted-origins-changes-4.0:
``CSRF_TRUSTED_ORIGINS`` changes
--------------------------------
Format change
~~~~~~~~~~~~~
Values in the :setting:`CSRF_TRUSTED_ORIGINS` setting must include the scheme
(e.g. ``'http://'`` or ``'https://'``) instead of only the hostname.
Also, values that started with a dot, must now also include an asterisk before
the dot. For example, change ``'.example.com'`` to ``'https://*.example.com'``.
A system check detects any required changes.
Miscellaneous
-------------
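
Review bot: The "Format change" paragraph gives only an 'https://' example and does not say what to do for an origin that is served over both schemes, so someone migrating '.example.com' cannot tell whether 'https://*.example.com' alone is enough or whether an 'http://' entry has to be listed as well. A sentence stating that would close the gap. In the same paragraph, "values that started with a dot, must now also include" has a stray comma after "dot" and a redundant "also"; something like "values that started with a dot must now include an asterisk before the dot" reads cleaner. The closing sentence "A system check detects any required changes." would be more useful with a cross-reference to that check, so readers know which message to look for when upgrading.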