Re: Oracle 23c released earlier this month

Thanks for sharing the news David! Support for true BOOLEAN type and GROUP BY position are effectively very welcome changes as they account for a few hacks. I do wonder if that's paving the way for grouping by subquery in future versions. Best, Simon Le lundi 17 avril 2023 à 08:06:57 UTC-4,

Re: Fellow Reports - April 2023

Week ending 2023-04-16 (Week 16) Triaged: https://code.djangoproject.com/ticket/34490 - Tests with mirror database not working as expected (invalid) https://code.djangoproject.com/ticket/34489 - feature: Support for PostgreSQL table partitioning (needsinfo) Reviewed:

Re: Oracle 23c released earlier this month

Hi, Thanks! Also, they finally update VM: https://www.oracle.com/database/technologies/databaseappdev-vm.html We still have to wait for a compatible driver, cx_Oracle and python-oracledb don't support it yet. Best, Mariusz -- You received this message because you are subscribed to the

Oracle 23c released earlier this month

Hi folks, For anyone interested Oracle 23c was released earlier this month . There are a couple of interesting features but just looking over the changes it looks like it resolves some caveats that

Re: Select API choice when starting new project.

thank you i didn't know. On Mon, Apr 17, 2023 at 8:26 AM Florian Apolloner wrote: > Hi, this is something which is already supported via the template argument > to startproject/startapp. > > Cheers, > florian > > On Sunday, April 16, 2023 at 11:47:44 PM UTC+2 Daniel Azubuine wrote: > >> When

Re: Fellow Reports - April 2023

Week ending April 16, 2023 *Triaged:* https://code.djangoproject.com/ticket/34480 - Annotating with Chr raises ValueError (accepted) https://code.djangoproject.com/ticket/34481 - Admin check for reversed foreign key used in "list_display" (accepted)

Re: Drop CSRF middleware from the settings template

https://security.stackexchange.com/questions/262245/are-csrf-attacks-a-thing-of-the-past Looks like lax will do the trick, but it's not like there aren't legit cases for same-site policy to be set to something less restrictive. LP, Jure On 17. 04. 23 09:24, Jacob Rief wrote: On Monday,

Re: Select API choice when starting new project.

Hi, this is something which is already supported via the template argument to startproject/startapp. Cheers, florian On Sunday, April 16, 2023 at 11:47:44 PM UTC+2 Daniel Azubuine wrote: > When starting a new Django project, the user can select if he wants to > build an API or use the Django

Re: Proposal: Constructing urls outside the request cycle

On Sunday, April 16, 2023 at 10:21:20 AM UTC+2 Adam Johnson wrote: One question though, how will we support projects that are served at multiple domains? Would Django only support the "main" site through BASE_URL and require you to perform URL construction for other domains as required? As

Re: Drop CSRF middleware from the settings template

On Monday, April 17, 2023 at 8:45:16 AM UTC+2 Curtis Maloney wrote: Are you implying that all CSRF attacks protected by Django's current machinery are entirely mitigated by SameSite=Lax on the _session_ cookiue? Yes. Therefore imho, the CSRF protection is just some nasty legacy, developers

Re: Drop CSRF middleware from the settings template

On Mon, 17 Apr 2023, at 04:25, 'Ryan Hiebert' via Django developers (Contributions to Django itself) wrote: > I've recently been working with other new frameworks, particularly Remix. > Coming from Django, which has had excellent CSRF for many years, one of my > first questions was how to

Re: Drop CSRF middleware from the settings template

Actually, I attempted to forge POST requests on Django with disabled CSRF protection – and failed. Maybe I wasn't creative enough, but modern browsers do indeed have a good protection against this attack vector. I therefore welcome this proposal, unless someone can show how to bypass this