Browse files

Added info to release notes about CSRF improvements

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
spookylukey committed May 31, 2011
1 parent 1cfb00d commit 1a951fa8d474fc9e6114cf63b8ba012233c9afcd
Showing with 10 additions and 0 deletions.
  1. +10 −0 docs/releases/1.4.txt
@@ -78,6 +78,16 @@ A new helper function,
``template.Library`` to ease the creation of template tags that store some
data in a specified context variable.
+CSRF improvements
+We've made various improvements to our CSRF features, including the
+:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can
+help with AJAX heavy sites, protection for PUT and DELETE, and settings
+:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve
+the security and usefulness of the CSRF protection. See the :doc:`CSRF docs
+</ref/contrib/csrf>` for more information.
.. _backwards-incompatible-changes-1.4:
Backwards incompatible changes in 1.4

0 comments on commit 1a951fa

Please sign in to comment.