Merge commit '962cc014c0eaab44903f7c649b364bd3bb9f8bc3'

* commit '962cc014c0eaab44903f7c649b364bd3bb9f8bc3':
  FeinCMS v24.4.0
  Use csrftoken on webpage instead of cookie. This allows the setting CSRF_HTTP_ONLY = True. (feincms#711)
  FeinCMS v23.12.0
  Add Python 3.12, Django 5.0 (feincms#710)
  Log exceptions at the exception level, instead of warning. (feincms#708)
  Close image after reading dimensions. (feincms#709)

.github/workflows/tests.yml

@@ -18,6 +18,7 @@ jobs:
           - "3.9"
           - "3.10"
           - "3.11"
+          - "3.12"
 
     steps:
       - uses: actions/checkout@v3

CHANGELOG.rst

@@ -6,7 +6,21 @@ Change log
 `Next version`_
 ~~~~~~~~~~~~~~~
 
-.. _Next version: https://github.com/feincms/feincms/compare/v23.8.0...main
+v24.4.0 (2024-04-08)
+~~~~~~~~~~~~~~~~~~~~~
+
+- Fetched the CSRF token value from the input field instead of from the cookie.
+  This allows making the CSRF cookie ``httponly``. Thanks to Samuel Lin for the
+  contribution!
+
+
+v23.12.0 (2023-12-22)
+~~~~~~~~~~~~~~~~~~~~~
+
+- Added Python 3.12, Django 5.0.
+- Closed images after reading their dimensions. Raised the logging level to
+  exception when thumbnailing fails. Thanks to Jeroen Pulles for those two
+  contributions!
 
 
 `v23.8.0`_ (2023-08-07)

feincms/__init__.py

@@ -1,4 +1,4 @@
-VERSION = (23, 8, 0)
+VERSION = (24, 4, 0)
 __version__ = ".".join(map(str, VERSION))
 
 

feincms/module/medialibrary/modeladmins.py

@@ -169,7 +169,7 @@ def file_type(self, obj):
             except NotImplementedError:
                 return t
             try:
-                d = get_image_dimensions(obj.file.file)
+                d = get_image_dimensions(obj.file.file, close=True)
                 if d:
                     t += " %d×%d" % (d[0], d[1])
             except (OSError, TypeError, ValueError) as e:

feincms/static/feincms/tree_editor.js

@@ -9,7 +9,7 @@ feincms.jQuery.ajaxSetup({
   crossDomain: false, // obviates need for sameOrigin test
   beforeSend(xhr, settings) {
     if (!/^(GET|HEAD|OPTIONS|TRACE)$/.test(settings.type)) {
-      xhr.setRequestHeader("X-CSRFToken", Cookies.get("csrftoken"))
+      xhr.setRequestHeader("X-CSRFToken", document.querySelector('input[name="csrfmiddlewaretoken"]').value);
     }
   },
 })

feincms/templatetags/feincms_thumbnail.py

@@ -97,12 +97,7 @@ def __str__(self):
                     miniature=miniature,
                 )
             except Exception as exc:
-                logger.warning(
-                    "Rendering a thumbnail failed: %r",
-                    exc,
-                    exc_info=True,
-                    extra={"stack": True, "exception": exc},
-                )
+                logger.exception("Rendering a thumbnail failed: %s", exc)
                 # PIL raises a plethora of Exceptions if reading the image
                 # is not possible. Since we cannot be sure what Exception will
                 # happen, catch them all so the thumbnailer will never fail.

setup.cfg

@@ -19,11 +19,11 @@ classifiers =
     Operating System :: OS Independent
     Programming Language :: Python
     Programming Language :: Python :: 3
-    Programming Language :: Python :: 3.6
-    Programming Language :: Python :: 3.7
     Programming Language :: Python :: 3.8
     Programming Language :: Python :: 3.9
     Programming Language :: Python :: 3.10
+    Programming Language :: Python :: 3.11
+    Programming Language :: Python :: 3.12
     Programming Language :: Python :: Implementation :: CPython
     Topic :: Internet :: WWW/HTTP :: Dynamic Content
     Topic :: Software Development

tox.ini

@@ -2,6 +2,7 @@
 envlist =
     py{38,39,310}-dj{32,41,42}
     py{310,311}-dj{32,41,42,main}
+    py{312}-dj{42,50,main}
 
 [testenv]
 usedevelop = true
@@ -13,4 +14,5 @@ deps =
     dj32: Django>=3.2,<4.0
     dj41: Django>=4.1,<4.2
     dj42: Django>=4.2,<5.0
+    dj50: Django>=5.0,<5.1
     djmain: https://github.com/django/django/archive/main.tar.gz