django/docs/ref
Carlton Gibson 32124fc41e [1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f from master.
2019-07-01 08:40:19 +02:00
class-based-views [1.11.x] Fixed #28294 -- Doc'd request/args/kwargs attributes of class-based views. 2017-06-28 10:01:20 -04:00
contrib [1.11.x] Refs #27807 -- Removed docs for User.username_validator. 2019-04-07 20:09:15 -04:00
files [1.11.x] Fixed #27644 -- Doc'd FileSystemStorage.get_created_time(). 2017-04-26 13:55:48 -04:00
forms [1.11.x] Fixed #28729 -- Replaced a numbered list with unordered list in TemplatesSetting docs. 2017-10-20 14:04:15 -04:00
models [1.11.x] Fixed reference to nonexistent __between lookup. 2018-04-04 09:44:01 -04:00
templates [1.11.x] Fixed #29002 -- Corrected cached template loader docs about when it's automatically enabled. 2018-01-11 06:53:20 -05:00
applications.txt Fixed #25966 -- Made get_user_model() work at import time. 2016-11-25 14:15:49 +01:00
checks.txt [1.11.x] Removed extra characters in docs header underlines. 2017-03-20 18:31:28 -04:00
clickjacking.txt [1.11.x] Updated various links in docs to avoid redirects 2017-05-22 19:32:02 +02:00
csrf.txt [1.11.x] Updated various links in docs to avoid redirects 2017-05-22 19:32:02 +02:00
databases.txt [1.11.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required. 2019-04-05 12:13:05 +02:00
django-admin.txt [1.11.x] Refs #26294 -- Fixed typo in docs/ref/django-admin.txt. 2017-05-30 17:16:10 -04:00
exceptions.txt Documented AppRegistryNotReady. 2016-10-06 10:21:57 -04:00
index.txt Moved CSRF docs out of contrib. 2014-11-03 07:47:39 -05:00
middleware.txt [1.11.x] Removed docs for obsolete ExceptionMiddleware. 2018-05-27 13:38:42 -04:00
migration-operations.txt [1.11.x] Removed unused imports in example migrations. 2017-01-21 07:42:10 -05:00
request-response.txt [1.11.x] Fixed docs typo in HttpResponse.set_signed_cookie() signature. 2018-05-27 16:52:11 -04:00
schema-editor.txt Refs #26709 -- Documented SchemaEditor.add/remove_index(). 2016-07-07 10:21:25 -04:00
settings.txt [1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 08:40:19 +02:00
signals.txt [1.11.x] Fixed #28031 -- Removed notes about old uWSGI/sentry versions (refs #20537). 2017-04-06 09:34:11 -04:00
template-response.txt Fixed typo in docs/ref/template-response.txt. 2016-04-18 07:50:13 -04:00
unicode.txt Updated Oracle docs links to Oracle 12c. 2016-10-31 14:32:50 -04:00
urlresolvers.txt Fixed capitalization of "URL pattern". 2016-07-06 15:31:12 -04:00
urls.txt [1.11.x] Corrected doc'd type of some parameters from string to str. 2018-02-19 13:17:20 -05:00
utils.txt [1.11.x] Made the @cached_property example more consistent. 2017-08-11 10:14:08 -04:00
validators.txt [1.11.x] Corrected FileExtensionValidator doc regarding the value being validated. 2017-06-07 16:52:50 -04:00
views.txt Removed versionadded/changed annotations for 1.9. 2016-05-20 11:44:29 -04:00