Regression in 94e7f471c4.
This reverts commit 94e7f471c4 (refs #34069) and partly reverts commit 3b4728310a.
Thanks Anthony Baillard for the report.
Co-Authored-By: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
By moving a should_redirect_with_slash call out of an if block, commit
9390da7fb6 negated the performance fix
of commit 434d309ef6 (#24720).
Meanwhile, the logging issue #26293 that it targeted was subsequently
fixed more fully by commit 40b69607c7
(#26504), so it is no longer needed. This effectively reverts it.
This speeds up successful requests not ending with / when APPEND_SLASH
is enabled (the default, and still useful in projects with a mix of
URLs with and without trailing /). The amount of speedup varies from
about 5% in a typical project to nearly 50% on a benchmark with many
routes.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This also adds the CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instances of the same project to Django 4.1+.
Thanks Florian Apolloner and Shai Berger for reviews.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
get_language_from_request() uses Accept-Language and/or Cookie to determine the
correct redirect. Upstream caches need the matching Vary header to cache the
result.
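
The caching problem described in the commit message above, shown as an added example (not code from Django or from the commit). `pick_language()` is a simplified stand-in for `get_language_from_request()`, `SharedCache` is a toy upstream cache, and the language list, paths and header values are constructed; the redirect is assumed to be cacheable.

```python
SUPPORTED = ("en", "fr")  # constructed list of supported languages

def pick_language(headers):
    """Simplified stand-in for get_language_from_request(): cookie, then Accept-Language."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "django_language" and value in SUPPORTED:
            return value
    for item in headers.get("Accept-Language", "").split(","):
        tag = item.split(";")[0].strip().lower()[:2]
        if tag in SUPPORTED:
            return tag
    return SUPPORTED[0]

def origin(path, headers, send_vary):
    """Redirect an unprefixed path to its language-prefixed URL."""
    resp = {"status": 302, "Location": f"/{pick_language(headers)}{path}"}
    if send_vary:
        resp["Vary"] = "Accept-Language, Cookie"
    return resp

class SharedCache:
    """Toy upstream cache: the key is the path plus the request headers named in Vary."""
    def __init__(self):
        self.vary = {}   # path -> header names learned from a stored response
        self.store = {}  # (path, selected header values) -> stored response

    def _key(self, path, headers):
        return (path, tuple(headers.get(n, "") for n in self.vary.get(path, ())))

    def fetch(self, path, headers, send_vary):
        key = self._key(path, headers)
        if key in self.store:
            return self.store[key]  # cache hit: the origin is never consulted
        resp = origin(path, headers, send_vary)
        self.vary[path] = tuple(
            n.strip() for n in resp.get("Vary", "").split(",") if n.strip())
        self.store[self._key(path, headers)] = resp
        return resp

def second_visitor_location(send_vary):
    """A French visitor primes the cache, then an English visitor asks for the same path."""
    cache = SharedCache()
    cache.fetch("/about/", {"Accept-Language": "fr-FR,fr;q=0.9"}, send_vary)
    second = cache.fetch("/about/", {"Accept-Language": "en-US,en;q=0.8"}, send_vary)
    return second["Location"]
```

Without the `Vary` header the second visitor is served the first visitor's cached redirect; with it, the cache keys on the headers the language choice depends on.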
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
SecurityMiddleware and the three cache middlewares were not calling
super().__init__() during their initialization or calling the required
MiddlewareMixin._async_check() method.
This made the middlewares not properly present as coroutines and
confused the middleware chain when used in a fully async context.
Thanks Kordian Kowalski for the report.
Ensured process_view() always accesses the CSRF token from the session
or cookie, rather than the request, as rotate_token() may have been called
by an authentication middleware during the process_request() phase.
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>