tommcn 
								
							 
						 
						
							
							
							
							
								
							
							
								8e63390640 
								
							 
						 
						
							
							
								
								Corrected CSRF reference in middleware docs.  
							
							
							
						 
						
							2022-03-17 06:03:10 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Mariusz Felisiak 
								
							 
						 
						
							
							
							
							
								
							
							
								97237ad3fe 
								
							 
						 
						
							
							
								
								Removed versionadded/changed annotations for 3.2.  
							
							
							
						 
						
							2021-09-20 21:23:01 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									David Smith 
								
							 
						 
						
							
							
							
							
								
							
							
								1024b5e74a 
								
							 
						 
						
							
							
								
								Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.  
							
							
							
						 
						
							2021-07-29 06:24:12 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nick Pope 
								
							 
						 
						
							
							
							
							
								
							
							
								c156e36955 
								
							 
						 
						
							
							
								
								Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
							
							
							
						 
						
							2021-05-17 09:46:09 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								54da6e2ac2 
								
							 
						 
						
							
							
								
								Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
							
							
							
						 
						
							2021-04-30 12:32:52 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									bankc 
								
							 
						 
						
							
							
							
							
								
							
							
								db5b75f10f 
								
							 
						 
						
							
							
								
								Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
							
							
							
							
							Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com> 
							
						 
						
							2021-03-30 19:59:24 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Carlton Gibson 
								
							 
						 
						
							
							
							
							
								
							
							
								ad11f5b8c9 
								
							 
						 
						
							
							
								
								Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.
							
							
							
						 
						
							2020-10-22 14:15:19 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Mariusz Felisiak 
								
							 
						 
						
							
							
							
							
								
							
							
								4c5236ef93 
								
							 
						 
						
							
							
								
								Removed versionadded/changed annotations for 3.0.  
							
							
							
						 
						
							2020-05-13 09:07:51 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Min ho Kim 
								
							 
						 
						
							
							
							
							
								
							
							
								103a6f4307 
								
							 
						 
						
							
							
								
								Fixed some typos in comments and docs.  
							
							
							
							
							Thanks to Mads Jenson for review. 
							
						 
						
							2019-10-02 15:50:46 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Mar Sánchez 
								
							 
						 
						
							
							
							
							
								
							
							
								f1d4a540b2 
								
							 
						 
						
							
							
								
								Refs #15396 -- Mentioned full path to GZipMiddleware in documentation.
							
							
							
						 
						
							2019-10-02 14:39:01 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Carlton Gibson 
								
							 
						 
						
							
							
							
							
								
							
							
								9446950470 
								
							 
						 
						
							
							
								
								Refs #28699 -- Clarified CSRF middleware ordering in relation to RemoteUserMiddleware.
							
							
							
						 
						
							2019-10-02 13:11:03 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nick Pope 
								
							 
						 
						
							
							
							
							
								
							
							
								406dba04e1 
								
							 
						 
						
							
							
								
								Fixed #29406 -- Added support for Referrer-Policy header.
							
							
							
							
							Thanks to James Bennett for the initial implementation. 
							
						 
						
							2019-09-09 13:35:41 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nick Pope 
								
							 
						 
						
							
							
							
							
								
							
							
								fc62e16291 
								
							 
						 
						
							
							
								
								Standardized links for headers in security middleware documentation.  
							
							
							
						 
						
							2019-09-09 13:35:17 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Mariusz Felisiak 
								
							 
						 
						
							
							
							
							
								
							
							
								5ab75adb90 
								
							 
						 
						
							
							
								
								Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0.  
							
							
							
						 
						
							2019-06-03 14:08:51 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Carlton Gibson 
								
							 
						 
						
							
							
							
							
								
							
							
								bae66e759f 
								
							 
						 
						
							
							
								
								Fixed #30091 -- Doc'd middleware ordering requirements with CSRF_USE_SESSIONS.
							
							
							
						 
						
							2019-01-30 11:02:26 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Daniel Musketa 
								
							 
						 
						
							
							
							
							
								
							
							
								ca2856fb62 
								
							 
						 
						
							
							
								
								Fixed typo in docs/ref/middleware.txt.  
							
							
							
						 
						
							2018-11-14 09:47:22 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Daniel Hepper 
								
							 
						 
						
							
							
							
							
								
							
							
								a6fb5b1fe0 
								
							 
						 
						
							
							
								
								Remove documentation for non-existent middleware (#9998)
							
							
							
							
							The docs contained a reference to the class
django.middleware.exception.ExceptionMiddleware. This class was introduced in
05c888ffb87d1b69dbe7 
							
						 
						
							2018-05-27 16:08:50 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Mariusz Felisiak 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								7c81b28ebc 
								
							 
						 
						
							
							
								
								Updated various links in docs to use HTTPS.  
							
							
							
						 
						
							2018-01-07 14:28:41 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								bc95314ca6 
								
							 
						 
						
							
							
								
								Fixed #28786 -- Doc'd middleware ordering considerations due to CommonMiddleware setting Content-Length.
							
							
							
						 
						
							2017-11-14 12:01:24 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								8f8a4d10d3 
								
							 
						 
						
							
							
								
								Refs #26447 -- Removed outdated ETag comment in CommonMiddleware.
							
							
							
							
							Follow up to 48d57788ee 
							
						 
						
							2017-11-11 20:45:17 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								5446b72003 
								
							 
						 
						
							
							
								
								Removed versionadded/changed annotations for 1.11.  
							
							
							
						 
						
							2017-09-22 12:51:18 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								48d57788ee 
								
							 
						 
						
							
							
								
								Refs #26447 -- Removed the USE_ETAGS setting per deprecation timeline.
							
							
							
						 
						
							2017-09-22 12:51:18 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Claude Paroz 
								
							 
						 
						
							
							
							
							
								
							
							
								01f658644a 
								
							 
						 
						
							
							
								
								Updated various links in docs to avoid redirects  
							
							
							
							
							Thanks Tim Graham and Mariusz Felisiak for review and completion. 
							
						 
						
							2017-05-22 19:28:44 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								e27e4c0339 
								
							 
						 
						
							
							
								
								Removed versionadded/changed annotations for 1.10.  
							
							
							
						 
						
							2017-01-17 20:52:05 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Michel 
								
							 
						 
						
							
							
							
							
								
							
							
								ddf169cdac 
								
							 
						 
						
							
							
								
								Refs #16859 -- Allowed storing CSRF tokens in sessions.
							
							
							
							
							Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review. 
							
						 
						
							2016-11-30 08:57:27 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								7301770254 
								
							 
						 
						
							
							
								
								Fixed typo in docs/ref/middleware.txt.  
							
							
							
						 
						
							2016-11-06 13:22:08 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Adam Malinowski 
								
							 
						 
						
							
							
							
							
								
							
							
								37809b891e 
								
							 
						 
						
							
							
								
								Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware.
							
							
							
						 
						
							2016-11-05 22:24:54 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								61f9243e51 
								
							 
						 
						
							
							
								
								Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware.
							
							
							
						 
						
							2016-10-14 12:48:03 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Kevin Christopher Henry 
								
							 
						 
						
							
							
							
							
								
							
							
								ad332e5ca9 
								
							 
						 
						
							
							
								
								Refs #19705 -- Made GZipMiddleware make ETags weak.
							
							
							
							
							Django's conditional request processing can now produce 304 Not Modified
responses for content that is subject to compression. 
							
						 
						
							2016-10-13 14:22:54 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Denis Cornehl 
								
							 
						 
						
							
							
							
							
								
							
							
								a840710e1e 
								
							 
						 
						
							
							
								
								Fixed #26447 -- Deprecated settings.USE_ETAGS in favor of ConditionalGetMiddleware.
							
							
							
						 
						
							2016-10-10 14:55:59 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								ef021412d5 
								
							 
						 
						
							
							
								
								Normalized spelling of ETag.  
							
							
							
						 
						
							2016-09-09 11:00:21 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ed Morley 
								
							 
						 
						
							
							
							
							
								
							
							
								3c2447dd13 
								
							 
						 
						
							
							
								
								Fixed #26947 -- Added an option to enable the HSTS header preload directive.
							
							
							
						 
						
							2016-08-10 20:23:54 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ed Morley 
								
							 
						 
						
							
							
							
							
								
							
							
								8c3bc5cd78 
								
							 
						 
						
							
							
								
								Fixed docs to refer to HSTS includeSubdomains as a directive.  
							
							
							
							
							The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2  
							
						 
						
							2016-08-08 20:20:49 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Claude Paroz 
								
							 
						 
						
							
							
							
							
								
							
							
								9588718cd4 
								
							 
						 
						
							
							
								
								Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
							
							
							
							
							Thanks Tim Graham for the review. 
							
						 
						
							2016-06-27 10:44:57 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								46a38307c2 
								
							 
						 
						
							
							
								
								Removed versionadded/changed annotations for 1.9.  
							
							
							
						 
						
							2016-05-20 11:44:29 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Shai Berger 
								
							 
						 
						
							
							
							
							
								
							
							
								5112e65ef2 
								
							 
						 
						
							
							
								
								Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
							
							
							
							
							Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews. 
							
						 
						
							2016-05-19 05:02:19 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Florian Apolloner 
								
							 
						 
						
							
							
							
							
								
							
							
								9baf692a58 
								
							 
						 
						
							
							
								
								Fixed #26601 -- Improved middleware per DEP 0005.
							
							
							
							
							Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP. 
							
						 
						
							2016-05-17 07:22:22 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									rowanv 
								
							 
						 
						
							
							
							
							
								
							
							
								a6ef025dfb 
								
							 
						 
						
							
							
								
								Fixed #26124 -- Added missing code formatting to docs headers.
							
							
							
						 
						
							2016-02-01 10:42:05 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								54848a96dd 
								
							 
						 
						
							
							
								
								Removed versionadded/changed annotations for 1.8.  
							
							
							
						 
						
							2015-09-23 19:31:11 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								849037af36 
								
							 
						 
						
							
							
								
								Refs #23957 -- Required session verification per deprecation timeline.
							
							
							
						 
						
							2015-09-23 19:31:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Claude Paroz 
								
							 
						 
						
							
							
							
							
								
							
							
								64982cc2fb 
								
							 
						 
						
							
							
								
								Updated Wikipedia links to use https  
							
							
							
						 
						
							2015-08-08 12:02:32 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jorgecarleitao 
								
							 
						 
						
							
							
							
							
								
							
							
								7c642cafbb 
								
							 
						 
						
							
							
								
								Fixed typo in docs/ref/middleware.txt  
							
							
							
						 
						
							2015-07-27 07:15:49 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jan Pazdziora 
								
							 
						 
						
							
							
							
							
								
							
							
								a570701e02 
								
							 
						 
						
							
							
								
								Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication.
							
							
							
						 
						
							2015-07-02 17:38:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Marissa Zhou 
								
							 
						 
						
							
							
							
							
								
							
							
								8b1f39a727 
								
							 
						 
						
							
							
								
								Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
							
							
							
							
							Also moved it in the project template. 
							
						 
						
							2015-06-08 12:32:38 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Dave Hodder 
								
							 
						 
						
							
							
							
							
								
							
							
								08c980d752 
								
							 
						 
						
							
							
								
								Updated capitalization in the word "JavaScript" for consistency  
							
							
							
						 
						
							2015-05-01 13:26:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								c79faae761 
								
							 
						 
						
							
							
								
								Removed versionadded/changed notes for 1.7.  
							
							
							
						 
						
							2015-02-01 21:02:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Berker Peksag 
								
							 
						 
						
							
							
							
							
								
							
							
								df0523debc 
								
							 
						 
						
							
							
								
								Fixed #23531 -- Added CommonMiddleware.response_redirect_class.
							
							
							
						 
						
							2014-11-04 17:56:57 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Thomas Chaumeny 
								
							 
						 
						
							
							
							
							
								
							
							
								d3db878e4b 
								
							 
						 
						
							
							
								
								Moved CSRF docs out of contrib.  
							
							
							
						 
						
							2014-11-03 07:47:39 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tim Graham 
								
							 
						 
						
							
							
							
							
								
							
							
								52ef6a4726 
								
							 
						 
						
							
							
								
								Fixed #17101 -- Integrated django-secure and added check --deploy option
							
							
							
							
							Thanks Carl Meyer for django-secure and for reviewing.
Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews. 
							
						 
						
							2014-09-12 15:05:23 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Claude Paroz 
								
							 
						 
						
							
							
							
							
								
							
							
								0b5bafe993 
								
							 
						 
						
							
							
								
								Removed reference to old middleware  
							
							
							
						 
						
							2014-06-30 20:36:18 +02:00