Hi Tino,
2015-08-31 8:35 GMT+02:00 Tino de Bruijn :
> - What happens when two SerializeMixin tests try to lock the same file?
> Does one wait for the other (probably not), or is a lockfile exception
> raised?
>
The second one waits for the first one to complete. This happens all the
time because
Hi,
Ticket: https://code.djangoproject.com/ticket/25328
I made a proposal to include a LiveServerTestCase, which runs an HTTPS
server instead of standard HTTP server. I've been asked to get more
feedback for this idea.
If my refactor is merged I can release the test case as a separate app. But
I'm getting this always when I try to use Github Login on
code.djangoproject.com
AFAIU I was banned there, am I right? But I never received any
notification. What can I do to get me unbanned?
--
You received this message because you are subscribed to the Google Groups
"Django developers (Con
Hi, as far as I know, we haven't banned anyone in Trac. We did receive a
similar report in IRC last week (maybe it was you). Could you create a
ticket in the code.djangoproject.com issue tracker with any more details?
https://github.com/django/code.djangoproject.com/issues
On Monday, August 31,
In the absence of a more sophisticated implementation, here's a possible
simple solution: https://github.com/django/django/pull/5212
Maybe we can come up with a better name for the migrate option (currently
--run-syncdb).
On Friday, August 28, 2015 at 3:08:26 AM UTC-4, Markus Holtermann wrote:
As far as how well apps without migrations would work compared to 1.8, a
couple things come to mind:
1. There's no management commands to get the SQL for these apps.
2. There's no more support for initial data/custom SQL.
On Monday, August 31, 2015 at 10:48:25 AM UTC-4, Tim Graham wrote:
>
> In
I understand why the Referrer check for secure requests is in place.
What is currently preventing cross-domain API requests is that the check
is not configurable. I'm talking specifically about requests when
`request.is_secure()` returns `True` and an unsafe but specifically
cross-origin reques
Hi Josh,
On 08/31/2015 09:38 AM, Joshua Kehn wrote:
> I understand why the Referrer check for secure requests is in place.
> What is currently preventing cross-domain API requests is that the check
> is not configurable. I'm talking specifically about requests when
> |request.is_secure()| returns
On 31 Aug 2015, at 12:35, Carl Meyer wrote:
I'm not sure what you mean by "unsafe but specifically cross-origin
request" here. I think the point is that the request is in fact safe,
because it's coming from an approved CORS source, but there's no way
to
tell the CSRF middleware that.
Yes, ex
Hi Josh,
I think it would make sense to just add a `CSRF_ALLOWED_REFERERS`
setting, defaulting to `None` (which would give the current behavior of
requiring a match with the `Host` header). If set, it would be a list of
valid referer hosts. Documentation needs to be extremely clear that you
should
Anyone else see a problem with that that I'm missing?
I think this sounds fine.
You up for filing a ticket and maybe a patch/pull-request too?
Absolutely.
Thanks
--jk
***
[me](http://kehn.us) | [@joshkehn](https://twitter.com/joshkehn)
On 31 Aug 2015, at 13:21, Carl Meyer wrote:
Hi Jos
A couple follow-up thoughts:
On 08/31/2015 11:22 AM, Joshua Kehn wrote:
> On 31 Aug 2015, at 13:21, Carl Meyer wrote:
> I think it would make sense to just add a |CSRF_ALLOWED_REFERERS|
> setting, defaulting to |None| (which would give the current behavior of
> requiring a match with t
On 31 Aug 2015, at 13:25, Carl Meyer wrote:
A couple follow-up thoughts:
On 08/31/2015 11:22 AM, Joshua Kehn wrote:
On 31 Aug 2015, at 13:21, Carl Meyer wrote:
I think it would make sense to just add a |CSRF_ALLOWED_REFERERS|
setting, defaulting to |None| (which would give the current behavi
On 08/31/2015 11:37 AM, Joshua Kehn wrote:
> 2) If it's set, a match with the Host header (or maybe with any host in
> |ALLOWED_HOSTS|) should still be allowed, so you aren't forced to
> duplicate |ALLOWED_HOSTS| inside |CSRF_TRUSTED_REFERERS|.
>
> So the check here would look somethin
Is this related or duplicate to https://code.djangoproject.com/ticket/24496?
That ticket has a patch that got stalled a bit, but might be worth reviving
first in case this new one causes it to go stale.
On Monday, August 31, 2015 at 1:37:45 PM UTC-4, Joshua Kehn wrote:
>
> On 31 Aug 2015, at 13:
On 31 Aug 2015, at 13:56, Carl Meyer wrote:
> No, I don't think `*` should be allowed in `CSRF_TRUSTED_REFERERS`; I
> don't think there is any scenario in which that is a safe or reasonable
> configuration.
>
> And I think that the fact that it's allowed in `ALLOWED_HOSTS` might be
> a reason to j
On 31 Aug 2015, at 14:02, Tim Graham wrote:
Is this related or duplicate to
https://code.djangoproject.com/ticket/24496?
That ticket has a patch that got stalled a bit, but might be worth
reviving
first in case this new one causes it to go stale.
Looks related.
If we decide to go with Troy
Could you explain what types of tests require https (or otherwise expand on
the rationale for adding this)? If the answer is that we don't want to have
a separate "test settings" with all the SSL settings disabled
(CSRF_COOKIE_SECURE, SECURE_HSTS_SECONDS, etc.) then I understand this,
however,
On 08/31/2015 12:09 PM, Joshua Kehn wrote:
> On 31 Aug 2015, at 14:02, Tim Graham wrote:
>
> Is this related or duplicate to
> https://code.djangoproject.com/ticket/24496?
> That ticket has a patch that got stalled a bit, but might be worth
> reviving
> first in case this new o
By "we" do you mean the engineers at Microsoft who will be working on this?
Will they be doing any planning for this before the meet up in October? I'd
like to know more specifics about the agenda and goals for the workshop.
Also, I wanted to make sure my question about a videoconferencing optio
Aymeric, did you envision any changes to Django's CI setup? Currently we
run 1 Jenkins executor per CPU, so I don't know that adding parallelization
would have any benefit? (We are already using all 8 CPUs when we're running
8 concurrent builds from the matrix.) If not, then I wonder how we can
This seems okay at first glance, though I wonder if an enum-like object
might be better than magic int/boolean values. Something like:
class ApproximateWith(object):
NONE = 0
YEARS = 1
MONTHS = 2
DAYS = 3
Do you think a separate ModelAdmin attribute better than allowing something
On 31 août 2015, at 20:41, Tim Graham wrote:
> Aymeric, did you envision any changes to Django's CI setup?
Glad you asked :-) I have some thoughts but no definitive opinion.
> Currently we run 1 Jenkins executor per CPU, so I don't know that adding
> parallelization would have any benefit? (We
Hi Tim,
Thanks for bringing it up. Yes, we will have developers who will engage
with Django developers (like yourself) during the workshop.
The goals of the October workshop are to:
1) Get to know each other and begin building a relationship
2) Get in a room with Microsoft developers
To arrive at the best solution, I think a lot of discussion needs to happen
on this mailing list before October. As for me, besides the name of some
existing packages that offer SQL Server/Azure support, I know very little
about the current landscape so I really wouldn't have anything to offer i
Thanks, that was my intuition but just wanted to double check.
On Sunday, August 30, 2015 at 9:53:02 AM UTC-4, Ned Batchelder wrote:
>
> The eval criterion rarely seems like a useful rule of thumb to me. Does
> anyone actually use this to make objects? I think the useful rule is, a
> repr shou
Hi Tim, Meet
I know this is very late to be mentioning, but one idea that worth
raising: DjangoCon US is next week (in Austin). Thursday and Friday
are coding sprints, where there will be many people (including a good
chunk of the core team) looking for projects to hack on.
Microsoft is already a
On 31 Aug 2015, at 14:24, Carl Meyer wrote:
This solution is more powerful than just using CSRF_COOKIE_DOMAIN,
since
it also allows for separate-domain CORS situations in addition to
cross-subdomain requests. So I would consider this to be a good fix
for
\#24496; I don't think we need another
28 matches
Mail list logo
