Vaclav Ehrlich
147f9a0d2a
[1.9.x] Fixed #26201 -- Documented the consequences of rotating the CSRF token on login.
Backport of 369fa471f4 from master
2016-04-05 19:36:56 -04:00
acemaster
73d8e646d7
[1.9.x] Fixed #26165 -- Added some FAQs about CSRF protection.
Thanks Florian Apolloner and Shai Berger for review.
Backport of a1b1688c7d from master
2016-03-01 09:04:16 -05:00
userimack
f3194d951d
[1.9.x] Fixed #26181 -- Corrected AngularJS CSRF example.
Backport of 7a7b82e6f4 from master
2016-02-09 09:38:04 -05:00
Luke Plant
b5c4972283
[1.9.x] Changed action="." to action="" in tests and docs.
`action="."` strips query parameters from the URL which is not usually what
you want. Copy-paste coding of these examples could lead to difficult to
track down bugs or even data loss if the query parameter was meant to alter
the scope of a form's POST request.
Backport of 77974a684a from master
2016-01-21 14:00:06 -05:00
Danilo Bargen
577ec6fcd1
[1.9.x] Added docs about configuring CSRF support in AngularJS.
Backport of 6a4f13de27 from master
2016-01-15 10:16:57 -05:00
Tim Graham
d162b0bcd8
[1.9.x] Fixed #25969 -- Replaced render_to_response() with render() in docs examples.
Backport of 4d83b0163e from master
2015-12-23 10:50:55 -05:00
Jon Dufresne
bf76cf07e0
[1.9.x] Fixed #25778 -- Updated docs links to use https when available.
Backport of 7aabd62380 from master
2015-12-01 08:03:16 -05:00
Agnieszka Lasyk
b3389956c9
[1.9.x] Fixed #25755 -- Unified spelling of "website".
Backport of 1f8dad6915 from master
2015-11-16 06:44:46 -05:00
Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Joshua Kehn
ab26b65b2f
Fixed #25334 -- Provided a way to allow cross-origin unsafe requests over HTTPS.
Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other
domains that are included during the CSRF Referer header verification
for secure (HTTPS) requests.
2015-09-05 09:19:57 -04:00
Marc
f9de197268
Recommended the JavaScript Cookie library instead of jQuery cookie.
jQuery cookie is no longer maintained in favor of the JavaScript
cookie library. This also removes the jQuery dependency.
2015-08-19 10:04:01 -04:00
Dave Hodder
08c980d752
Updated capitalization in the word "JavaScript" for consistency
2015-05-01 13:26:42 -04:00
Grzegorz Slusarek
668d53cd12
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
2015-03-05 15:03:40 -05:00
Aymeric Augustin
9eb4f28e89
Deprecated TEMPLATE_CONTEXT_PROCESSORS.
2014-12-28 17:02:31 +01:00
Aymeric Augustin
92e8f1f302
Moved context_processors from django.core to django.template.
2014-12-28 17:00:07 +01:00
Fabio Natali
fa680ce1e2
Fixed #23825 -- Added links for decorating class-based views to the CSRF docs.
2014-11-15 19:33:39 +01:00
Thomas Chaumeny
d3db878e4b
Moved CSRF docs out of contrib.
2014-11-03 07:47:39 -05:00