Merge branch 'master' into issue5616

2025-08-02 19:40:13 +03:00 · 2018-10-12 11:13:57 +03:00 · 2018-10-12 11:13:57 +03:00 · 60e48143c2
commit 60e48143c2
parent 6825950664 1c3f796219
67 changed files with 739 additions and 178 deletions
--- a/ISSUE_TEMPLATE.md
+++ b/ISSUE_TEMPLATE.md
@ -3,7 +3,7 @@
 - [ ] I have verified that that issue exists against the `master` branch of Django REST framework.
 - [ ] I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
 - [ ] This is not a usage question. (Those should be directed to the [discussion group](https://groups.google.com/forum/#!forum/django-rest-framework) instead.)
- [ ] This cannot be dealt with as a third party library. (We prefer new functionality to be [in the form of third party libraries](http://www.django-rest-framework.org/topics/third-party-resources/#about-third-party-packages) where possible.)
+- [ ] This cannot be dealt with as a third party library. (We prefer new functionality to be [in the form of third party libraries](https://www.django-rest-framework.org/topics/third-party-resources/#about-third-party-packages) where possible.)
 - [ ] I have reduced the issue to the simplest possible case.
 - [ ] I have included a failing test as a pull request. (If you are unable to do so we can still accept the issue.)
--- a/LICENSE.md
+++ b/LICENSE.md
@ -1,6 +1,6 @@
 # License
-Copyright © 2011-present, [Encode OSS Ltd](http://www.encode.io/).
+Copyright © 2011-present, [Encode OSS Ltd](https://www.encode.io/).
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@
 **Awesome web-browsable Web APIs.**
-Full documentation for the project is available at [http://www.django-rest-framework.org][docs].
+Full documentation for the project is available at [https://www.django-rest-framework.org/][docs].
 ---
@ -25,8 +25,9 @@ The initial aim is to provide a single full-time position on REST framework.
 [![][rollbar-img]][rollbar-url]
 [![][cadre-img]][cadre-url]
 [![][load-impact-img]][load-impact-url]
 [![][kloudless-img]][kloudless-url]
-Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Rover][rover-url], [Sentry][sentry-url], [Stream][stream-url], [Rollbar][rollbar-url], [Cadre][cadre-url], and [Load Impact][load-impact-url].
+Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Rover][rover-url], [Sentry][sentry-url], [Stream][stream-url], [Rollbar][rollbar-url], [Cadre][cadre-url], [Load Impact][load-impact-url], and [Kloudless][kloudless-url].
 ---
@ -76,7 +77,7 @@ Startup up a new project like so...
    pip install django
    pip install djangorestframework
-    django-admin.py startproject example .
+    django-admin startproject example .
    ./manage.py migrate
    ./manage.py createsuperuser
@ -163,7 +164,7 @@ Or to create a new user:
 # Documentation & Support
-Full documentation for the project is available at [http://www.django-rest-framework.org][docs].
+Full documentation for the project is available at [https://www.django-rest-framework.org/][docs].
 For questions and support, use the [REST framework discussion group][group], or `#restframework` on freenode IRC.
@ -194,6 +195,7 @@ Send a description of the issue via email to [rest-framework-security@googlegrou
 [rollbar-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/rollbar-readme.png
 [cadre-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/cadre-readme.png
 [load-impact-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/load-impact-readme.png
 [kloudless-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/kloudless-readme.png
 [rover-url]: http://jobs.rover.com/
 [sentry-url]: https://getsentry.com/welcome/
@ -201,18 +203,19 @@ Send a description of the issue via email to [rest-framework-security@googlegrou
 [rollbar-url]: https://rollbar.com/
 [cadre-url]: https://cadre.com/
 [load-impact-url]: https://loadimpact.com/?utm_campaign=Sponsorship%20links&utm_source=drf&utm_medium=drf
 [kloudless-url]: https://hubs.ly/H0f30Lf0
-[oauth1-section]: http://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth
+[oauth1-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth
-[oauth2-section]: http://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit
+[oauth2-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit
-[serializer-section]: http://www.django-rest-framework.org/api-guide/serializers/#serializers
+[serializer-section]: https://www.django-rest-framework.org/api-guide/serializers/#serializers
-[modelserializer-section]: http://www.django-rest-framework.org/api-guide/serializers/#modelserializer
+[modelserializer-section]: https://www.django-rest-framework.org/api-guide/serializers/#modelserializer
-[functionview-section]: http://www.django-rest-framework.org/api-guide/views/#function-based-views
+[functionview-section]: https://www.django-rest-framework.org/api-guide/views/#function-based-views
-[generic-views]: http://www.django-rest-framework.org/api-guide/generic-views/
+[generic-views]: https://www.django-rest-framework.org/api-guide/generic-views/
-[viewsets]: http://www.django-rest-framework.org/api-guide/viewsets/
+[viewsets]: https://www.django-rest-framework.org/api-guide/viewsets/
-[routers]: http://www.django-rest-framework.org/api-guide/routers/
+[routers]: https://www.django-rest-framework.org/api-guide/routers/
-[serializers]: http://www.django-rest-framework.org/api-guide/serializers/
+[serializers]: https://www.django-rest-framework.org/api-guide/serializers/
-[authentication]: http://www.django-rest-framework.org/api-guide/authentication/
+[authentication]: https://www.django-rest-framework.org/api-guide/authentication/
-[image]: http://www.django-rest-framework.org/img/quickstart.png
+[image]: https://www.django-rest-framework.org/img/quickstart.png
-[docs]: http://www.django-rest-framework.org/
+[docs]: https://www.django-rest-framework.org/
 [security-mail]: mailto:rest-framework-security@googlegroups.com
--- a/codecov.yml
+++ b/codecov.yml
@ -1,8 +1,11 @@
 coverage:
-  status:
+  precision: 2
-    project: false
+  round: down
-    patch: true
+  range: "80...100"
    changes: true
-comment:
+  status:
-  layout: "diff"
+    project: yes
    patch: no
    changes: no
 comment: off
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@ -397,7 +397,7 @@ HTTP digest authentication is a widely implemented scheme that was intended to r
 ## JSON Web Token Authentication
-JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. [Blimp][blimp] maintains the [djangorestframework-jwt][djangorestframework-jwt] package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password. An alternative package for JWT authentication is [djangorestframework-simplejwt][djangorestframework-simplejwt] which provides different features as well as a pluggable token blacklist app.
+JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. A package for JWT authentication is [djangorestframework-simplejwt][djangorestframework-simplejwt] which provides some features as well as a pluggable token blacklist app.
 ## Hawk HTTP Authentication
@ -445,8 +445,6 @@ HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a
 [django-oauth-toolkit]: https://github.com/evonove/django-oauth-toolkit
 [evonove]: https://github.com/evonove/
 [oauthlib]: https://github.com/idan/oauthlib
 [blimp]: https://github.com/GetBlimp
 [djangorestframework-jwt]: https://github.com/GetBlimp/django-rest-framework-jwt
 [djangorestframework-simplejwt]: https://github.com/davesque/django-rest-framework-simplejwt
 [etoccalino]: https://github.com/etoccalino/
 [djangorestframework-httpsignature]: https://github.com/etoccalino/django-rest-framework-httpsignature
--- a/docs/api-guide/filtering.md
+++ b/docs/api-guide/filtering.md
@ -285,6 +285,12 @@ The `ordering` attribute may be either a string or a list/tuple of strings.
 The `DjangoObjectPermissionsFilter` is intended to be used together with the [`django-guardian`][guardian] package, with custom `'view'` permissions added.  The filter will ensure that querysets only returns objects for which the user has the appropriate view permission.
 ---
 **Note:** This filter has been deprecated as of version 3.9 and moved to the 3rd-party [`djangorestframework-guardian` package][django-rest-framework-guardian].
 ---
 If you're using `DjangoObjectPermissionsFilter`, you'll probably also want to add an appropriate object permissions class, to ensure that users can only operate on instances if they have the appropriate object permissions.  The easiest way to do this is to subclass `DjangoObjectPermissions` and add `'view'` permissions to the `perms_map` attribute.
 A complete example using both `DjangoObjectPermissionsFilter` and `DjangoObjectPermissions` might look something like this.
@ -388,6 +394,7 @@ The [djangorestframework-word-filter][django-rest-framework-word-search-filter]
 [view-permissions-blogpost]: https://blog.nyaruka.com/adding-a-view-permission-to-django-models
 [search-django-admin]: https://docs.djangoproject.com/en/stable/ref/contrib/admin/#django.contrib.admin.ModelAdmin.search_fields
 [django-rest-framework-filters]: https://github.com/philipn/django-rest-framework-filters
 [django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian
 [django-rest-framework-word-search-filter]: https://github.com/trollknurr/django-rest-framework-word-search-filter
 [django-url-filter]: https://github.com/miki725/django-url-filter
 [drf-url-filter]: https://github.com/manjitkumar/drf-url-filters
--- a/docs/api-guide/format-suffixes.md
+++ b/docs/api-guide/format-suffixes.md
@ -90,4 +90,4 @@ It is actually a misconception.  For example, take the following quote from Roy
 The quote does not mention Accept headers, but it does make it clear that format suffixes should be considered an acceptable pattern.
 [cite]: http://tech.groups.yahoo.com/group/rest-discuss/message/5857
-[cite2]: http://tech.groups.yahoo.com/group/rest-discuss/message/14844
+[cite2]: https://groups.yahoo.com/neo/groups/rest-discuss/conversations/topics/14844
--- a/docs/api-guide/metadata.md
+++ b/docs/api-guide/metadata.md
@ -117,5 +117,5 @@ If you wish to do so, it also provides an exporter that can export those schema
 [cite]: https://tools.ietf.org/html/rfc7231#section-4.3.7
 [no-options]: https://www.mnot.net/blog/2012/10/29/NO_OPTIONS
-[json-schema]: http://json-schema.org/
+[json-schema]: https://json-schema.org/
 [drf-schema-adapter]: https://github.com/drf-forms/drf-schema-adapter
--- a/docs/api-guide/pagination.md
+++ b/docs/api-guide/pagination.md
@ -46,7 +46,7 @@ If you want to modify particular aspects of the pagination style, you'll want to
        page_size_query_param = 'page_size'
        max_page_size = 1000
-You can then apply your new style to a view using the `.pagination_class` attribute:
+You can then apply your new style to a view using the `pagination_class` attribute:
    class BillingRecordsView(generics.ListAPIView):
        queryset = Billing.objects.all()
@ -319,5 +319,5 @@ The [`django-rest-framework-link-header-pagination` package][drf-link-header-pag
 [paginate-by-max-mixin]: https://chibisov.github.io/drf-extensions/docs/#paginatebymaxmixin
 [drf-proxy-pagination]: https://github.com/tuffnatty/drf-proxy-pagination
 [drf-link-header-pagination]: https://github.com/tbeadle/django-rest-framework-link-header-pagination
-[disqus-cursor-api]: http://cra.mr/2011/03/08/building-cursors-for-the-disqus-api
+[disqus-cursor-api]: https://cra.mr/2011/03/08/building-cursors-for-the-disqus-api
 [float_cursor_pagination_example]: https://gist.github.com/keturn/8bc88525a183fd41c73ffb729b8865be#file-fpcursorpagination-py
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@ -102,6 +102,27 @@ Or, if you're using the `@api_view` decorator with function based views.
 __Note:__ when you set new permission classes through class attribute or decorators you're telling the view to ignore the default list set over the __settings.py__ file.
 Provided they inherit from `rest_framework.permissions.BasePermission`, permissions can be composed using standard Python bitwise operators. For example, `IsAuthenticatedOrReadOnly` could be written:
    from rest_framework.permissions import BasePermission, IsAuthenticated
    from rest_framework.response import Response
    from rest_framework.views import APIView
    class ReadOnly(BasePermission):
        def has_permission(self, request, view):
            return request.method in SAFE_METHODS
    class ExampleView(APIView):
        permission_classes = (IsAuthenticated|ReadOnly)
        def get(self, request, format=None):
            content = {
                'status': 'request was permitted'
            }
            return Response(content)
 __Note:__ it only supports & -and- and | -or-.
 ---
 # API Reference
@ -168,9 +189,7 @@ As with `DjangoModelPermissions` you can use custom model permissions by overrid
 ---
-**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests, you'll want to consider also adding the `DjangoObjectPermissionsFilter` class to ensure that list endpoints only return results including objects for which the user has appropriate view permissions.
+**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian` package][django-rest-framework-guardian]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions.
 ---
 ---
@ -287,3 +306,4 @@ The [Django Rest Framework Role Filters][django-rest-framework-role-filters] pac
 [django-rest-framework-roles]: https://github.com/computer-lab/django-rest-framework-roles
 [django-rest-framework-api-key]: https://github.com/manosim/django-rest-framework-api-key
 [django-rest-framework-role-filters]: https://github.com/allisson/django-rest-framework-role-filters
 [django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian
--- a/docs/api-guide/relations.md
+++ b/docs/api-guide/relations.md
@ -594,7 +594,7 @@ The [rest-framework-generic-relations][drf-nested-relations] library provides re
 [cite]: https://lwn.net/Articles/193245/
 [reverse-relationships]: https://docs.djangoproject.com/en/stable/topics/db/queries/#following-relationships-backward
-[routers]: http://www.django-rest-framework.org/api-guide/routers#defaultrouter
+[routers]: https://www.django-rest-framework.org/api-guide/routers#defaultrouter
 [generic-relations]: https://docs.djangoproject.com/en/stable/ref/contrib/contenttypes/#id1
 [drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
 [drf-nested-relations]: https://github.com/Ian-Foote/rest-framework-generic-relations
--- a/docs/api-guide/renderers.md
+++ b/docs/api-guide/renderers.md
@ -521,13 +521,13 @@ Comma-separated values are a plain-text tabular data format, that can be easily
 [browser-accept-headers]: http://www.gethifi.com/blog/browser-rest-http-accept-headers
 [testing]: testing.md
 [HATEOAS]: http://timelessrepo.com/haters-gonna-hateoas
-[quote]: http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
+[quote]: https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
 [application/vnd.github+json]: https://developer.github.com/v3/media/
 [application/vnd.collection+json]: http://www.amundsen.com/media-types/collection/
 [django-error-views]: https://docs.djangoproject.com/en/stable/topics/http/views/#customizing-error-views
 [rest-framework-jsonp]: https://jpadilla.github.io/django-rest-framework-jsonp/
 [cors]: https://www.w3.org/TR/cors/
-[cors-docs]: http://www.django-rest-framework.org/topics/ajax-csrf-cors/
+[cors-docs]: https://www.django-rest-framework.org/topics/ajax-csrf-cors/
 [jsonp-security]: https://stackoverflow.com/questions/613962/is-jsonp-safe-to-use
 [rest-framework-yaml]: https://jpadilla.github.io/django-rest-framework-yaml/
 [rest-framework-xml]: https://jpadilla.github.io/django-rest-framework-xml/
--- a/docs/api-guide/requests.md
+++ b/docs/api-guide/requests.md
@ -90,7 +90,7 @@ You won't typically need to access this property.
 ---
-**Note:** You may see a `WrappedAttributeError` raised when calling the `.user` or `.auth` properties. These errors originate from an authenticator as a standard `AttributeError`, however it's necessary that they be re-raised as a different exception type in order to prevent them from being suppressed by the outer property access. Python will not recognize that the `AttributeError` orginates from the authenticator and will instaed assume that the request object does not have a `.user` or `.auth` property. The authenticator will need to be fixed.
+**Note:** You may see a `WrappedAttributeError` raised when calling the `.user` or `.auth` properties. These errors originate from an authenticator as a standard `AttributeError`, however it's necessary that they be re-raised as a different exception type in order to prevent them from being suppressed by the outer property access. Python will not recognize that the `AttributeError` orginates from the authenticator and will instead assume that the request object does not have a `.user` or `.auth` property. The authenticator will need to be fixed.
 ---
--- a/docs/api-guide/routers.md
+++ b/docs/api-guide/routers.md
@ -325,7 +325,7 @@ The [wq.db package][wq.db] provides an advanced [ModelRouter][wq.db-router] clas
 The [`DRF-extensions` package][drf-extensions] provides [routers][drf-extensions-routers] for creating [nested viewsets][drf-extensions-nested-viewsets], [collection level controllers][drf-extensions-collection-level-controllers] with [customizable endpoint names][drf-extensions-customizable-endpoint-names].
-[cite]: http://guides.rubyonrails.org/routing.html
+[cite]: https://guides.rubyonrails.org/routing.html
 [route-decorators]: viewsets.md#marking-extra-actions-for-routing
 [drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
 [wq.db]: https://wq.io/wq.db
--- a/docs/api-guide/schemas.md
+++ b/docs/api-guide/schemas.md
@ -10,12 +10,50 @@ API schemas are a useful tool that allow for a range of use cases, including
 generating reference documentation, or driving dynamic client libraries that
 can interact with your API.
-## Install Core API
+## Install Core API & PyYAML
 You'll need to install the `coreapi` package in order to add schema support
-for REST framework.
+for REST framework. You probably also want to install `pyyaml`, so that you
 can render the schema into the commonly used YAML-based OpenAPI format.
-    pip install coreapi
+    pip install coreapi pyyaml
 ## Quickstart
 There are two different ways you can serve a schema description for you API.
 ### Generating a schema with the `generateschema` management command
 To generate a static API schema, use the `generateschema` management command.
 ```shell
 $ python manage.py generateschema > schema.yml
 ```
 Once you've generated a schema in this way you can annotate it with any
 additional information that cannot be automatically inferred by the schema
 generator.
 You might want to check your API schema into version control and update it
 with each new release, or serve the API schema from your site's static media.
 ### Adding a view with `get_schema_view`
 To add a dynamically generated schema view to your API, use `get_schema_view`.
 ```python
 from rest_framework.schemas import get_schema_view
 schema_view = get_schema_view(title="Example API")
 urlpatterns = [
    url('^schema$', schema_view),
    ...
 ]
 ```
 See below [for more details](#the-get_schema_view-shortcut) on customizing a
 dynamically generated schema view.
 ## Internal schema representation
@ -71,38 +109,19 @@ endpoint:
 In order to be presented in an HTTP response, the internal representation
 has to be rendered into the actual bytes that are used in the response.
 REST framework includes a few different renderers that you can use for
 encoding the API schema.
 * `renderers.OpenAPIRenderer` - Renders into YAML-based [OpenAPI][openapi], the most widely used API schema format.
 * `renderers.JSONOpenAPIRenderer` - Renders into JSON-based [OpenAPI][openapi].
 * `renderers.CoreJSONRenderer` - Renders into [Core JSON][corejson], a format designed for
 use with the `coreapi` client library.
 [Core JSON][corejson] is designed as a canonical format for use with Core API.
 REST framework includes a renderer class for handling this media type, which
 is available as `renderers.CoreJSONRenderer`.
 ### Alternate schema formats
 Other schema formats such as [Open API][open-api] ("Swagger"),
 [JSON HyperSchema][json-hyperschema], or [API Blueprint][api-blueprint] can also
 be supported by implementing a custom renderer class that handles converting a
 `Document` instance into a bytestring representation.
 If there is a Core API codec package that supports encoding into the format you
 want to use then implementing the renderer class can be done by using the codec.
 #### Example
 For example, the `openapi_codec` package provides support for encoding or decoding
 to the Open API ("Swagger") format:
    from rest_framework import renderers
    from openapi_codec import OpenAPICodec
    class SwaggerRenderer(renderers.BaseRenderer):
        media_type = 'application/openapi+json'
        format = 'swagger'
        def render(self, data, media_type=None, renderer_context=None):
            codec = OpenAPICodec()
            return codec.dump(data)
 ## Schemas vs Hypermedia
@ -325,13 +344,12 @@ ROOT_URLCONF setting.
 May be used to pass the set of renderer classes that can be used to render the API root endpoint.
    from rest_framework.schemas import get_schema_view
-    from rest_framework.renderers import CoreJSONRenderer
+    from rest_framework.renderers import JSONOpenAPIRenderer
    from my_custom_package import APIBlueprintRenderer
    schema_view = get_schema_view(
        title='Server Monitoring API',
        url='https://www.example.org/api/',
-        renderer_classes=[CoreJSONRenderer, APIBlueprintRenderer]
+        renderer_classes=[JSONOpenAPIRenderer]
    )
 #### `patterns`
@ -364,7 +382,6 @@ Defaults to `settings.DEFAULT_AUTHENTICATION_CLASSES`
 May be used to specify the list of permission classes that will apply to the schema endpoint.
 Defaults to `settings.DEFAULT_PERMISSION_CLASSES`
 ## Using an explicit schema view
 If you need a little more control than the `get_schema_view()` shortcut gives you,
@ -386,7 +403,7 @@ return the schema.
    generator = schemas.SchemaGenerator(title='Bookings API')
    @api_view()
-    @renderer_classes([renderers.CoreJSONRenderer])
+    @renderer_classes([renderers.OpenAPIRenderer])
    def schema_view(request):
        schema = generator.get_schema(request)
        return response.Response(schema)
@ -408,7 +425,7 @@ In order to present a schema with endpoints filtered by user permissions,
 you need to pass the `request` argument to the `get_schema()` method, like so:
    @api_view()
-    @renderer_classes([renderers.CoreJSONRenderer])
+    @renderer_classes([renderers.OpenAPIRenderer])
    def schema_view(request):
        generator = schemas.SchemaGenerator(title='Bookings API')
        return response.Response(generator.get_schema(request=request))
@ -432,21 +449,10 @@ representation.
    )
    @api_view()
-    @renderer_classes([renderers.CoreJSONRenderer])
+    @renderer_classes([renderers.OpenAPIRenderer])
    def schema_view(request):
        return response.Response(schema)
 ## Static schema file
 A final option is to write your API schema as a static file, using one
 of the available formats, such as Core JSON or Open API.
 You could then either:
 * Write a schema definition as a static file, and [serve the static file directly][static-files].
 * Write a schema definition that is loaded using `Core API`, and then
  rendered to one of many available formats, depending on the client request.
 ---
 # Schemas as documentation
@ -535,7 +541,7 @@ Arguments:
 Returns a `coreapi.Document` instance that represents the API schema.
    @api_view
-    @renderer_classes([renderers.CoreJSONRenderer])
+    @renderer_classes([renderers.OpenAPIRenderer])
    def schema_view(request):
        generator = schemas.SchemaGenerator(title='Bookings API')
        return Response(generator.get_schema())
@ -829,12 +835,12 @@ in [OpenAPI][open-api] format.
 [cite]: https://blog.heroku.com/archives/2014/1/8/json_schema_for_heroku_platform_api
-[coreapi]: http://www.coreapi.org/
+[coreapi]: https://www.coreapi.org/
-[corejson]: http://www.coreapi.org/specification/encoding/#core-json-encoding
+[corejson]: https://www.coreapi.org/specification/encoding/#core-json-encoding
 [drf-yasg]: https://github.com/axnsan12/drf-yasg/
 [open-api]: https://openapis.org/
 [drf-openapi]: https://github.com/limdauto/drf_openapi
-[json-hyperschema]: http://json-schema.org/latest/json-schema-hypermedia.html
+[json-hyperschema]: https://json-schema.org/latest/json-schema-hypermedia.html
 [api-blueprint]: https://apiblueprint.org/
 [static-files]: https://docs.djangoproject.com/en/stable/howto/static-files/
 [named-arguments]: https://docs.djangoproject.com/en/stable/topics/http/urls/#named-groups
--- a/docs/api-guide/validators.md
+++ b/docs/api-guide/validators.md
@ -275,7 +275,7 @@ A validator may be any callable that raises a `serializers.ValidationError` on f
 You can specify custom field-level validation by adding `.validate_<field_name>` methods
 to your `Serializer` subclass. This is documented in the
-[Serializer docs](http://www.django-rest-framework.org/api-guide/serializers/#field-level-validation)
+[Serializer docs](https://www.django-rest-framework.org/api-guide/serializers/#field-level-validation)
 ## Class-based
--- a/docs/api-guide/viewsets.md
+++ b/docs/api-guide/viewsets.md
@ -127,7 +127,7 @@ You may inspect these attributes to adjust behaviour based on the current action
 ## Marking extra actions for routing
-If you have ad-hoc methods that should be routable, you can mark them as such with the `@action` decorator. Like regular actions, extra actions may be intended for either a list of objects, or a single instance. To indicate this, set the `detail` argument to `True` or `False`. The router will configure its URL patterns accordingly. e.g., the `DefaultRouter` will configure detail actions to contain `pk` in their URL patterns.
+If you have ad-hoc methods that should be routable, you can mark them as such with the `@action` decorator. Like regular actions, extra actions may be intended for either a single object, or an entire collection. To indicate this, set the `detail` argument to `True` or `False`. The router will configure its URL patterns accordingly. e.g., the `DefaultRouter` will configure detail actions to contain `pk` in their URL patterns.
 A more complete example of extra actions:
@ -158,7 +158,7 @@ A more complete example of extra actions:
        @action(detail=False)
        def recent_users(self, request):
-            recent_users = User.objects.all().order('-last_login')
+            recent_users = User.objects.all().order_by('-last_login')
            page = self.paginate_queryset(recent_users)
            if page is not None:
@ -174,7 +174,7 @@ The decorator can additionally take extra arguments that will be set for the rou
        def set_password(self, request, pk=None):
           ...
-These decorator will route `GET` requests by default, but may also accept other HTTP methods by setting the `methods` argument.  For example:
+The `action` decorator will route `GET` requests by default, but may also accept other HTTP methods by setting the `methods` argument.  For example:
        @action(detail=True, methods=['post', 'delete'])
        def unset_password(self, request, pk=None):
@ -186,7 +186,7 @@ To view all extra actions, call the `.get_extra_actions()` method.
 ### Routing additional HTTP methods for extra actions
-Extra actions can be mapped to different `ViewSet` methods. For example, the above password set/unset methods could be consolidated into a single route. Note that additional mappings do not accept arguments.
+Extra actions can map additional HTTP methods to separate `ViewSet` methods. For example, the above password set/unset methods could be consolidated into a single route. Note that additional mappings do not accept arguments.
 ```python
    @action(detail=True, methods=['put'], name='Change Password')
@ -314,5 +314,5 @@ To create a base viewset class that provides `create`, `list` and `retrieve` ope
 By creating your own base `ViewSet` classes, you can provide common behavior that can be reused in multiple viewsets across your API.
-[cite]: http://guides.rubyonrails.org/routing.html
+[cite]: https://guides.rubyonrails.org/routing.html
 [routers]: routers.md
--- a/docs/community/3.0-announcement.md
+++ b/docs/community/3.0-announcement.md
@ -960,6 +960,6 @@ The 3.2 release is planned to introduce an alternative admin-style interface to
 You can follow development on the GitHub site, where we use [milestones to indicate planning timescales](https://github.com/encode/django-rest-framework/milestones).
 [kickstarter]: https://www.kickstarter.com/projects/tomchristie/django-rest-framework-3
-[sponsors]: http://www.django-rest-framework.org/topics/kickstarter-announcement/#sponsors
+[sponsors]: https://www.django-rest-framework.org/topics/kickstarter-announcement/#sponsors
 [mixins.py]: https://github.com/encode/django-rest-framework/blob/master/rest_framework/mixins.py
 [django-localization]: https://docs.djangoproject.com/en/stable/topics/i18n/translation/#localization-how-to-create-language-files
--- a/docs/community/3.2-announcement.md
+++ b/docs/community/3.2-announcement.md
@ -10,7 +10,7 @@ We've also fixed a huge number of issues, and made numerous cleanups and improve
 Over the course of the 3.1.x series we've [resolved nearly 600 tickets](https://github.com/encode/django-rest-framework/issues?utf8=%E2%9C%93&q=closed%3A%3E2015-03-05) on our GitHub issue tracker. This means we're currently running at a rate of **closing around 100 issues or pull requests per month**.
-None of this would have been possible without the support of our wonderful Kickstarter backers. If you're looking for a job in Django development we'd strongly recommend taking [a look through our sponsors](http://www.django-rest-framework.org/topics/kickstarter-announcement/#sponsors) and finding out who's hiring.
+None of this would have been possible without the support of our wonderful Kickstarter backers. If you're looking for a job in Django development we'd strongly recommend taking [a look through our sponsors](https://www.django-rest-framework.org/topics/kickstarter-announcement/#sponsors) and finding out who's hiring.
 ## AdminRenderer
--- a/docs/community/3.4-announcement.md
+++ b/docs/community/3.4-announcement.md
@ -178,12 +178,12 @@ The full set of itemized release notes [are available here][release-notes].
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
 [moss]: mozilla-grant.md
 [funding]: funding.md
-[core-api]: http://www.coreapi.org/
+[core-api]: https://www.coreapi.org/
 [command-line-client]: api-clients#command-line-client
 [client-library]: api-clients#python-client-library
-[core-json]: http://www.coreapi.org/specification/encoding/#core-json-encoding
+[core-json]: https://www.coreapi.org/specification/encoding/#core-json-encoding
 [swagger]: https://openapis.org/specification
-[hyperschema]: http://json-schema.org/latest/json-schema-hypermedia.html
+[hyperschema]: https://json-schema.org/latest/json-schema-hypermedia.html
 [api-blueprint]: https://apiblueprint.org/
 [tut-7]: ../tutorial/7-schemas-and-client-libraries/
 [schema-generation]: ../api-guide/schemas/
--- a/docs/community/funding.md
+++ b/docs/community/funding.md
@ -123,10 +123,10 @@ REST framework continues to be open-source and permissively licensed, but we fir
 ## What funding has enabled so far
-* The [3.4](http://www.django-rest-framework.org/topics/3.4-announcement/) and [3.5](http://www.django-rest-framework.org/topics/3.5-announcement/) releases, including schema generation for both Swagger and RAML, a Python client library, a Command Line client, and addressing of a large number of outstanding issues.
+* The [3.4](https://www.django-rest-framework.org/topics/3.4-announcement/) and [3.5](https://www.django-rest-framework.org/topics/3.5-announcement/) releases, including schema generation for both Swagger and RAML, a Python client library, a Command Line client, and addressing of a large number of outstanding issues.
-* The [3.6](http://www.django-rest-framework.org/topics/3.6-announcement/) release, including  JavaScript client library, and API documentation, complete with auto-generated code samples.
+* The [3.6](https://www.django-rest-framework.org/topics/3.6-announcement/) release, including  JavaScript client library, and API documentation, complete with auto-generated code samples.
-* The [3.7 release](http://www.django-rest-framework.org/topics/3.7-announcement/), made possible due to our collaborative funding model, focuses on improvements to schema generation and the interactive API documentation.
+* The [3.7 release](https://www.django-rest-framework.org/topics/3.7-announcement/), made possible due to our collaborative funding model, focuses on improvements to schema generation and the interactive API documentation.
-* The recent [3.8 release](http://www.django-rest-framework.org/topics/3.8-announcement/).
+* The recent [3.8 release](https://www.django-rest-framework.org/topics/3.8-announcement/).
 * Tom Christie, the creator of Django REST framework, working on the project full-time.
 * Around 80-90 issues and pull requests closed per month since Tom Christie started working on the project full-time.
 * A community & operations manager position part-time for 4 months, helping mature the business and grow sponsorship.
@ -341,7 +341,7 @@ For further enquires please contact <a href=mailto:funding@django-rest-framework
 ## Accountability
-In an effort to keep the project as transparent as possible, we are releasing [monthly progress reports](http://www.encode.io/reports/march-2018) and regularly include financial reports and cost breakdowns.
+In an effort to keep the project as transparent as possible, we are releasing [monthly progress reports](https://www.encode.io/reports/march-2018) and regularly include financial reports and cost breakdowns.
 <!-- Begin MailChimp Signup Form -->
 <link href="//cdn-images.mailchimp.com/embedcode/classic-10_7.css" rel="stylesheet" type="text/css">
--- a/docs/community/kickstarter-announcement.md
+++ b/docs/community/kickstarter-announcement.md
@ -78,7 +78,7 @@ Our gold sponsors include companies large and small. Many thanks for their signi
 <li><a href="https://mirusresearch.com/" rel="nofollow" style="background-image:url(../../img/sponsors/2-mirus_research.png);">Mirus Research</a></li>
 <li><a href="https://hipolabs.com/" rel="nofollow" style="background-image:url(../../img/sponsors/2-hipo.png);">Hipo</a></li>
 <li><a href="https://www.byte.nl/" rel="nofollow" style="background-image:url(../../img/sponsors/2-byte.png);">Byte</a></li>
-<li><a href="http://lightningkite.com/" rel="nofollow" style="background-image:url(../../img/sponsors/2-lightning_kite.png);">Lightning Kite</a></li>
+<li><a href="https://www.lightningkite.com/" rel="nofollow" style="background-image:url(../../img/sponsors/2-lightning_kite.png);">Lightning Kite</a></li>
 <li><a href="https://opbeat.com/" rel="nofollow" style="background-image:url(../../img/sponsors/2-opbeat.png);">Opbeat</a></li>
 <li><a href="https://koordinates.com" rel="nofollow" style="background-image:url(../../img/sponsors/2-koordinates.png);">Koordinates</a></li>
 <li><a href="http://pulsecode.ca" rel="nofollow" style="background-image:url(../../img/sponsors/2-pulsecode.png);">Pulsecode Inc.</a></li>
@ -116,7 +116,7 @@ The serious financial contribution that our silver sponsors have made is very mu
 <li><a href="https://garfo.io/" rel="nofollow" style="background-image:url(../../img/sponsors/3-garfo.png);">Garfo</a></li>
 <li><a href="https://goshippo.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-shippo.png);">Shippo</a></li>
 <li><a href="http://www.gizmag.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-gizmag.png);">Gizmag</a></li>
-<li><a href="http://www.tivix.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-tivix.png);">Tivix</a></li>
+<li><a href="https://www.tivix.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-tivix.png);">Tivix</a></li>
 <li><a href="https://www.safaribooksonline.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-safari.png);">Safari</a></li>
 <li><a href="http://brightloop.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-brightloop.png);">Bright Loop</a></li>
 <li><a href="http://www.aba-systems.com.au/" rel="nofollow" style="background-image:url(../../img/sponsors/3-aba.png);">ABA Systems</a></li>
@ -131,7 +131,7 @@ The serious financial contribution that our silver sponsors have made is very mu
 <li><a href="https://fluxility.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-fluxility.png);">Fluxility</a></li>
 <li><a href="https://teonite.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-teonite.png);">Teonite</a></li>
 <li><a href="https://trackmaven.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-trackmaven.png);">TrackMaven</a></li>
-<li><a href="http://www.phurba.net/" rel="nofollow" style="background-image:url(../../img/sponsors/3-phurba.png);">Phurba</a></li>
+<li><a href="https://www.phurba.net/" rel="nofollow" style="background-image:url(../../img/sponsors/3-phurba.png);">Phurba</a></li>
 <li><a href="https://www.nephila.it/it/" rel="nofollow" style="background-image:url(../../img/sponsors/3-nephila.png);">Nephila</a></li>
 <li><a href="http://www.aditium.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-aditium.png);">Aditium</a></li>
 <li><a href="https://www.eyesopen.com/" rel="nofollow" style="background-image:url(../../img/sponsors/3-openeye.png);">OpenEye Scientific Software</a></li>
--- a/docs/community/mozilla-grant.md
+++ b/docs/community/mozilla-grant.md
@ -4,7 +4,7 @@ We have recently been [awarded a Mozilla grant](https://blog.mozilla.org/blog/20
 Additionally, we will be building on the realtime support that Django Channels provides, supporting and documenting how to build realtime APIs with REST framework. Again, this will include supporting work in the associated client libraries, making it easier to build richly interactive applications.
-The [Core API](http://www.coreapi.org) project will provide the foundations for our client library support, and will allow us to support interaction using a wide range of schemas and hypermedia formats. It's worth noting that these client libraries won't be tightly coupled to solely REST framework APIs either, and will be able to interact with *any* API that exposes a supported schema or hypermedia format.
+The [Core API](https://www.coreapi.org/) project will provide the foundations for our client library support, and will allow us to support interaction using a wide range of schemas and hypermedia formats. It's worth noting that these client libraries won't be tightly coupled to solely REST framework APIs either, and will be able to interact with *any* API that exposes a supported schema or hypermedia format.
 Specifically, the work includes:
@ -34,7 +34,7 @@ In order to ensure that I can be fully focused on trying to secure a sustainable
 & well-funded open source business I will be leaving my current role at [DabApps](https://www.dabapps.com/)
 at the end of May 2016.
-I have formed a UK limited company, [Encode](http://www.encode.io), which will
+I have formed a UK limited company, [Encode](https://www.encode.io/), which will
 act as the business entity behind REST framework. I will be issuing monthly reports
 from Encode on progress both towards the Mozilla grant, and for development time
 funded via the [REST framework paid plans](funding.md).
--- a/docs/community/project-management.md
+++ b/docs/community/project-management.md
@ -39,7 +39,7 @@ The following template should be used for the description of the issue, and serv
    This issue is for determining the maintenance team for the *** period.
-    Please see the [Project management](http://www.django-rest-framework.org/topics/project-management/) section of our documentation for more details.
+    Please see the [Project management](https://www.django-rest-framework.org/topics/project-management/) section of our documentation for more details.
    ---
@ -59,7 +59,7 @@ The following template should be used for the description of the issue, and serv
    If you wish to be considered for this or a future date, please comment against this or subsequent issues.
-    To modify this process for future maintenance cycles make a pull request to the [project management](http://www.django-rest-framework.org/topics/project-management/) documentation.
+    To modify this process for future maintenance cycles make a pull request to the [project management](https://www.django-rest-framework.org/topics/project-management/) documentation.
 #### Responsibilities of team members
@ -99,7 +99,7 @@ The following template should be used for the description of the issue, and serv
    During development cycle:
-    - [ ] Upload the new content to be translated to [transifex](http://www.django-rest-framework.org/topics/project-management/#translations).
+    - [ ] Upload the new content to be translated to [transifex](https://www.django-rest-framework.org/topics/project-management/#translations).
    Checklist:
@ -110,7 +110,7 @@ The following template should be used for the description of the issue, and serv
        - [ ] `setup.py` Python & Django version trove classifiers
        - [ ] `README` Python & Django versions
        - [ ] `docs` Python & Django versions
-    - [ ] Update the translations from [transifex](http://www.django-rest-framework.org/topics/project-management/#translations).
+    - [ ] Update the translations from [transifex](https://www.django-rest-framework.org/topics/project-management/#translations).
    - [ ] Ensure the pull request increments the version to `*.*.*` in [`restframework/__init__.py`](https://github.com/encode/django-rest-framework/blob/master/rest_framework/__init__.py).
    - [ ] Confirm with @tomchristie that release is finalized and ready to go.
    - [ ] Ensure that release date is included in pull request.
@ -122,7 +122,7 @@ The following template should be used for the description of the issue, and serv
    - [ ] Make a release announcement on twitter.
    - [ ] Close the milestone on GitHub.
-    To modify this process for future releases make a pull request to the [project management](http://www.django-rest-framework.org/topics/project-management/) documentation.
+    To modify this process for future releases make a pull request to the [project management](https://www.django-rest-framework.org/topics/project-management/) documentation.
 When pushing the release to PyPI ensure that your environment has been installed from our development `requirement.txt`, so that documentation and PyPI installs are consistently being built against a pinned set of packages.
@ -152,7 +152,7 @@ When any user visible strings are changed, they should be uploaded to Transifex
    # 1. Update the source django.po file, which is the US English version.
    cd rest_framework
-    django-admin.py makemessages -l en_US
+    django-admin makemessages -l en_US
    # 2. Push the source django.po file to Transifex.
    cd ..
    tx push -s
@ -173,7 +173,7 @@ When a translator has finished translating their work needs to be downloaded fro
    tx pull -a --minimum-perc 10
    cd rest_framework
    # 4. Compile the binary .mo files for all supported languages.
-    django-admin.py compilemessages
+    django-admin compilemessages
 ---
--- a/docs/community/release-notes.md
+++ b/docs/community/release-notes.md
@ -46,6 +46,7 @@ You can determine your currently installed version using `pip show`:
 * Deprecate the `Router.register` `base_name` argument in favor of `basename`. [#5990][gh5990]
 * Deprecate the `Router.get_default_base_name` method in favor of `Router.get_default_basename`. [#5990][gh5990]
 * Deprecate the `DjangoObjectPermissionsFilter` class, moved to the `djangorestframework-guardian` package. [#6075][gh6075]
 ## 3.8.x series
@ -1974,3 +1975,4 @@ For older release notes, [please see the version 2.x documentation][old-release-
 <!-- 3.9.0 -->
 [gh5990]: https://github.com/encode/django-rest-framework/issues/5990
 [gh6075]: https://github.com/encode/django-rest-framework/issues/6075
--- a/docs/community/tutorials-and-resources.md
+++ b/docs/community/tutorials-and-resources.md
@ -85,8 +85,8 @@ Want your Django REST Framework talk/tutorial/article to be added to our website
 [beginners-guide-to-the-django-rest-framework]: https://code.tutsplus.com/tutorials/beginners-guide-to-the-django-rest-framework--cms-19786
-[getting-started-with-django-rest-framework-and-angularjs]: http://blog.kevinastone.com/getting-started-with-django-rest-framework-and-angularjs.html
+[getting-started-with-django-rest-framework-and-angularjs]: https://blog.kevinastone.com/getting-started-with-django-rest-framework-and-angularjs.html
-[end-to-end-web-app-with-django-rest-framework-angularjs]: http://mourafiq.com/2013/07/01/end-to-end-web-app-with-django-angular-1.html
+[end-to-end-web-app-with-django-rest-framework-angularjs]: https://mourafiq.com/2013/07/01/end-to-end-web-app-with-django-angular-1.html
 [start-your-api-django-rest-framework-part-1]: https://godjango.com/41-start-your-api-django-rest-framework-part-1/
 [permissions-authentication-django-rest-framework-part-2]: https://godjango.com/43-permissions-authentication-django-rest-framework-part-2/
 [viewsets-and-routers-django-rest-framework-part-3]: https://godjango.com/45-viewsets-and-routers-django-rest-framework-part-3/
--- a/docs/img/premium/kloudless-readme.png
+++ b/docs/img/premium/kloudless-readme.png
--- a/docs/index.md
+++ b/docs/index.md
@ -72,10 +72,11 @@ continued development by **[signing up for a paid plan][funding]**.
    <li><a href="https://rollbar.com" style="background-image: url(https://fund-rest-framework.s3.amazonaws.com/rollbar2.png)">Rollbar</a></li>
    <li><a href="https://cadre.com" style="background-image: url(https://fund-rest-framework.s3.amazonaws.com/cadre.png)">Cadre</a></li>
    <li><a href="https://loadimpact.com/?utm_campaign=Sponsorship%20links&utm_source=drf&utm_medium=drf" style="background-image: url(https://fund-rest-framework.s3.amazonaws.com/load-impact.png)">Load Impact</a></li>
    <li><a href="https://hubs.ly/H0f30Lf0" style="background-image: url(https://fund-rest-framework.s3.amazonaws.com/kloudless.png)">Kloudless</a></li>
 </ul>
 <div style="clear: both; padding-bottom: 20px;"></div>
-*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Rover](http://jobs.rover.com/), [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=drf&utm_medium=banner&utm_campaign=drf), [Rollbar](https://rollbar.com), [Cadre](https://cadre.com), and [Load Impact](https://loadimpact.com/?utm_campaign=Sponsorship%20links&utm_source=drf&utm_medium=drf).*
+*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Rover](http://jobs.rover.com/), [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=drf&utm_medium=banner&utm_campaign=drf), [Rollbar](https://rollbar.com), [Cadre](https://cadre.com), [Load Impact](https://loadimpact.com/?utm_campaign=Sponsorship%20links&utm_source=drf&utm_medium=drf), and [Kloudless](https://hubs.ly/H0f30Lf0).*
 ---
@ -200,17 +201,22 @@ Send a description of the issue via email to [rest-framework-security@googlegrou
 ## License
-Copyright (c) 2011-2017, Tom Christie
+Copyright © 2011-present, [Encode OSS Ltd](https://www.encode.io/).
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
-Redistributions of source code must retain the above copyright notice, this
+* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.
-Redistributions in binary form must reproduce the above copyright notice, this
+
-list of conditions and the following disclaimer in the documentation and/or
+* Redistributions in binary form must reproduce the above copyright notice,
-other materials provided with the distribution.
+  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.
 * Neither the name of the copyright holder nor the names of its
  contributors may be used to endorse or promote products derived from
  this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
--- a/docs/topics/api-clients.md
+++ b/docs/topics/api-clients.md
@ -521,7 +521,7 @@ You'll either want to include the API schema in your codebase directly, by copyi
    })
 [heroku-api]: https://devcenter.heroku.com/categories/platform-api
-[heroku-example]: http://www.coreapi.org/tools-and-resources/example-services/#heroku-json-hyper-schema
+[heroku-example]: https://www.coreapi.org/tools-and-resources/example-services/#heroku-json-hyper-schema
-[core-api]: http://www.coreapi.org/
+[core-api]: https://www.coreapi.org/
 [schema-generation]: ../api-guide/schemas.md
 [transport-adaptors]: http://docs.python-requests.org/en/master/user/advanced/#transport-adapters
--- a/docs/topics/browser-enhancements.md
+++ b/docs/topics/browser-enhancements.md
@ -82,6 +82,6 @@ as well as how to support content types other than form-encoded data.
 [cite]: https://www.amazon.com/RESTful-Web-Services-Leonard-Richardson/dp/0596529260
 [ajax-form]: https://github.com/encode/ajax-form
-[rails]: http://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-put-or-delete-methods-work
+[rails]: https://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-put-or-delete-methods-work
 [html5]: https://www.w3.org/TR/html5-diff/#changes-2010-06-24
 [put_delete]: http://amundsen.com/examples/put-delete-forms/
--- a/docs/topics/documenting-your-api.md
+++ b/docs/topics/documenting-your-api.md
@ -90,6 +90,28 @@ When using viewsets, you should use the relevant action names as delimiters.
        Create a new user instance.
        """
 Custom actions on viewsets can also be documented in a similar way using the method names
 as delimiters or by attaching the documentation to action mapping methods.
    class UserViewSet(viewsets.ModelViewset):
        ...
        @action(detail=False, methods=['get', 'post'])
        def some_action(self, request, *args, **kwargs):
            """
            get:
            A description of the get method on the custom action.
            post:
            A description of the post method on the custom action.
            """
        @some_action.mapping.put
        def put_some_action():
            """
            A description of the put method on the custom action.
            """
 ### `documentation` API Reference
@ -313,7 +335,7 @@ In this approach, rather than documenting the available API endpoints up front,
 To implement a hypermedia API you'll need to decide on an appropriate media type for the API, and implement a custom renderer and parser for that media type.  The [REST, Hypermedia & HATEOAS][hypermedia-docs] section of the documentation includes pointers to background reading, as well as links to various hypermedia formats.
-[cite]: http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
+[cite]: https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
 [drf-yasg]: https://github.com/axnsan12/drf-yasg/
 [image-drf-yasg]: ../img/drf-yasg.png
 [drf-openapi]: https://github.com/limdauto/drf_openapi/
--- a/docs/topics/rest-hypermedia-hateoas.md
+++ b/docs/topics/rest-hypermedia-hateoas.md
@ -36,7 +36,7 @@ What REST framework doesn't do is give you machine readable hypermedia formats s
 [cite]: https://vimeo.com/channels/restfest/page:2
 [dissertation]: https://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
-[hypertext-driven]: http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
+[hypertext-driven]: https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
 [restful-web-apis]: http://restfulwebapis.org/
 [building-hypermedia-apis]: https://www.amazon.com/Building-Hypermedia-APIs-HTML5-Node/dp/1449306578
 [designing-hypermedia-apis]: http://designinghypermediaapis.com/
--- a/docs/tutorial/1-serialization.md
+++ b/docs/tutorial/1-serialization.md
@ -33,7 +33,7 @@ Okay, we're ready to get coding.
 To get started, let's create a new project to work with.
    cd ~
-    django-admin.py startproject tutorial
+    django-admin startproject tutorial
    cd tutorial
 Once that's done we can create an app that we'll use to create a simple Web API.
--- a/docs/tutorial/7-schemas-and-client-libraries.md
+++ b/docs/tutorial/7-schemas-and-client-libraries.md
@ -89,7 +89,7 @@ Now check that it is available on the command line...
      Command line client for interacting with CoreAPI services.
-      Visit http://www.coreapi.org for more information.
+      Visit https://www.coreapi.org/ for more information.
    Options:
      --version  Display the package version number.
@ -220,8 +220,8 @@ We've reached the end of our tutorial.  If you want to get more involved in the
 **Now go build awesome things.**
-[coreapi]: http://www.coreapi.org
+[coreapi]: https://www.coreapi.org/
-[corejson]: http://www.coreapi.org/specification/encoding/#core-json-encoding
+[corejson]: https://www.coreapi.org/specification/encoding/#core-json-encoding
 [openapi]: https://openapis.org/
 [repo]: https://github.com/encode/rest-framework-tutorial
 [sandbox]: https://restframework.herokuapp.com/
--- a/docs/tutorial/quickstart.md
+++ b/docs/tutorial/quickstart.md
@ -19,9 +19,9 @@ Create a new Django project named `tutorial`, then start a new app called `quick
    pip install djangorestframework
    # Set up a new project with a single application
-    django-admin.py startproject tutorial .  # Note the trailing '.' character
+    django-admin startproject tutorial .  # Note the trailing '.' character
    cd tutorial
-    django-admin.py startapp quickstart
+    django-admin startapp quickstart
    cd ..
 The project layout should look like:
--- a/docs_theme/404.html
+++ b/docs_theme/404.html
@ -4,6 +4,6 @@
  <h1 id="404-page-not-found" style="text-align: center">404</h1>
  <p style="text-align: center"><strong>Page not found</strong></p>
-  <p style="text-align: center">Try the <a href="http://www.django-rest-framework.org/">homepage</a>, or <a href="#searchModal" data-toggle="modal">search the documentation</a>.</p>
+  <p style="text-align: center">Try the <a href="https://www.django-rest-framework.org/">homepage</a>, or <a href="#searchModal" data-toggle="modal">search the documentation</a>.</p>
 {% endblock %}
--- a/docs_theme/css/bootstrap-responsive.css
+++ b/docs_theme/css/bootstrap-responsive.css
@ -3,7 +3,7 @@
 *
 * Copyright 2012 Twitter, Inc
 * Licensed under the Apache License v2.0
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
 *
 * Designed and built with all the love in the world @twitter by @mdo and @fat.
 */
--- a/docs_theme/css/bootstrap.css
+++ b/docs_theme/css/bootstrap.css
@ -3,7 +3,7 @@
 *
 * Copyright 2012 Twitter, Inc
 * Licensed under the Apache License v2.0
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
 *
 * Designed and built with all the love in the world @twitter by @mdo and @fat.
 */
--- a/docs_theme/nav.html
+++ b/docs_theme/nav.html
@ -14,7 +14,7 @@
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </a>
-          <a class="brand" href="http://www.django-rest-framework.org">Django REST framework</a>
+          <a class="brand" href="https://www.django-rest-framework.org/">Django REST framework</a>
          <div class="nav-collapse collapse">
            {% if nav|length>1 %}
            <!-- Main navigation -->
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -1,5 +1,5 @@
 site_name: Django REST framework
-site_url: http://www.django-rest-framework.org/
+site_url: https://www.django-rest-framework.org/
 site_description: Django REST framework - Web APIs for Django
 repo_url: https://github.com/encode/django-rest-framework
--- a/requirements/requirements-optionals.txt
+++ b/requirements/requirements-optionals.txt
@ -5,3 +5,4 @@ django-guardian==1.4.9
 django-filter==1.1.0
 coreapi==2.3.1
 coreschema==0.0.4
 pyyaml
--- a/rest_framework/compat.py
+++ b/rest_framework/compat.py
@ -11,12 +11,19 @@ from django.utils import six
 from django.views.generic import View
 try:
-    # Python 3 (required for 3.8+)
+    # Python 3
    from collections.abc import Mapping   # noqa
 except ImportError:
    # Python 2.7
    from collections import Mapping   # noqa
 try:
    # Python 3
    import urllib.parse as urlparse   # noqa
 except ImportError:
    # Python 2.7
    from urlparse import urlparse   # noqa
 try:
    from django.urls import (  # noqa
        URLPattern,
@ -29,6 +36,11 @@ except ImportError:
        RegexURLResolver as URLResolver,
    )
 try:
    from django.core.validators import ProhibitNullCharactersValidator  # noqa
 except ImportError:
    ProhibitNullCharactersValidator = None
 def get_original_route(urlpattern):
    """
@ -131,6 +143,13 @@ except ImportError:
    coreschema = None
 # pyyaml is optional
 try:
    import yaml
 except ImportError:
    yaml = None
 # django-crispy-forms is optional
 try:
    import crispy_forms
--- a/rest_framework/decorators.py
+++ b/rest_framework/decorators.py
@ -131,7 +131,7 @@ def schema(view_inspector):
    return decorator
-def action(methods=None, detail=None, name=None, url_path=None, url_name=None, **kwargs):
+def action(methods=None, detail=None, url_path=None, url_name=None, **kwargs):
    """
    Mark a ViewSet method as a routable action.
@ -145,18 +145,22 @@ def action(methods=None, detail=None, name=None, url_path=None, url_name=None, *
        "@action() missing required argument: 'detail'"
    )
    # name and suffix are mutually exclusive
    if 'name' in kwargs and 'suffix' in kwargs:
        raise TypeError("`name` and `suffix` are mutually exclusive arguments.")
    def decorator(func):
        func.mapping = MethodMapper(func, methods)
        func.detail = detail
        func.name = name if name else pretty_name(func.__name__)
        func.url_path = url_path if url_path else func.__name__
        func.url_name = url_name if url_name else func.__name__.replace('_', '-')
        func.kwargs = kwargs
-        func.kwargs.update({
+
-            'name': func.name,
+        # Set descriptive arguments for viewsets
-            'description': func.__doc__ or None
+        if 'name' not in kwargs and 'suffix' not in kwargs:
-        })
+            func.kwargs['name'] = pretty_name(func.__name__)
        func.kwargs['description'] = func.__doc__ or None
        return func
    return decorator
--- a/rest_framework/fields.py
+++ b/rest_framework/fields.py
@ -34,7 +34,8 @@ from pytz.exceptions import InvalidTimeError
 from rest_framework import ISO_8601
 from rest_framework.compat import (
    MaxLengthValidator, MaxValueValidator, MinLengthValidator,
-    MinValueValidator, unicode_repr, unicode_to_repr
+    MinValueValidator, ProhibitNullCharactersValidator, unicode_repr,
    unicode_to_repr
 )
 from rest_framework.exceptions import ErrorDetail, ValidationError
 from rest_framework.settings import api_settings
@ -755,7 +756,7 @@ class CharField(Field):
        'invalid': _('Not a valid string.'),
        'blank': _('This field may not be blank.'),
        'max_length': _('Ensure this field has no more than {max_length} characters.'),
-        'min_length': _('Ensure this field has at least {min_length} characters.')
+        'min_length': _('Ensure this field has at least {min_length} characters.'),
    }
    initial = ''
@ -778,6 +779,10 @@ class CharField(Field):
            self.validators.append(
                MinLengthValidator(self.min_length, message=message))
        # ProhibitNullCharactersValidator is None on Django < 2.0
        if ProhibitNullCharactersValidator is not None:
            self.validators.append(ProhibitNullCharactersValidator())
    def run_validation(self, data=empty):
        # Test for the empty string here so that it does not get validated,
        # and so that subclasses do not need to handle it explicitly
--- a/rest_framework/filters.py
+++ b/rest_framework/filters.py
@ -5,6 +5,7 @@ returned by list views.
 from __future__ import unicode_literals
 import operator
 import warnings
 from functools import reduce
 from django.core.exceptions import ImproperlyConfigured
@ -284,6 +285,11 @@ class DjangoObjectPermissionsFilter(BaseFilterBackend):
    has read object level permissions.
    """
    def __init__(self):
        warnings.warn(
            "`DjangoObjectPermissionsFilter` has been deprecated and moved to "
            "the 3rd-party django-rest-framework-guardian package.",
            DeprecationWarning, stacklevel=2
        )
        assert is_guardian_installed(), 'Using DjangoObjectPermissionsFilter, but django-guardian is not installed'
    perm_format = '%(app_label)s.view_%(model_name)s'
--- a/rest_framework/management/init.py
+++ b/rest_framework/management/init.py
--- a/rest_framework/management/commands/init.py
+++ b/rest_framework/management/commands/init.py
--- a/rest_framework/management/commands/generateschema.py
+++ b/rest_framework/management/commands/generateschema.py
@ -0,0 +1,39 @@
 from django.core.management.base import BaseCommand
 from rest_framework.compat import coreapi
 from rest_framework.renderers import (
    CoreJSONRenderer, JSONOpenAPIRenderer, OpenAPIRenderer
 )
 from rest_framework.schemas.generators import SchemaGenerator
 class Command(BaseCommand):
    help = "Generates configured API schema for project."
    def add_arguments(self, parser):
        parser.add_argument('--title', dest="title", default=None, type=str)
        parser.add_argument('--url', dest="url", default=None, type=str)
        parser.add_argument('--description', dest="description", default=None, type=str)
        parser.add_argument('--format', dest="format", choices=['openapi', 'openapi-json', 'corejson'], default='openapi', type=str)
    def handle(self, *args, **options):
        assert coreapi is not None, 'coreapi must be installed.'
        generator = SchemaGenerator(
            url=options['url'],
            title=options['title'],
            description=options['description']
        )
        schema = generator.get_schema(request=None, public=True)
        renderer = self.get_renderer(options['format'])
        output = renderer.render(schema, renderer_context={})
        self.stdout.write(output.decode('utf-8'))
    def get_renderer(self, format):
        return {
            'corejson': CoreJSONRenderer(),
            'openapi': OpenAPIRenderer(),
            'openapi-json': JSONOpenAPIRenderer()
        }[format]
--- a/rest_framework/pagination.py
+++ b/rest_framework/pagination.py
@ -472,7 +472,7 @@ class CursorPagination(BasePagination):
    """
    The cursor pagination implementation is necessarily complex.
    For an overview of the position/offset style we use, see this post:
-    http://cra.mr/2011/03/08/building-cursors-for-the-disqus-api
+    https://cra.mr/2011/03/08/building-cursors-for-the-disqus-api
    """
    cursor_query_param = 'cursor'
    cursor_query_description = _('The pagination cursor value.')
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@ -4,12 +4,76 @@ Provides a set of pluggable permission policies.
 from __future__ import unicode_literals
 from django.http import Http404
 from django.utils import six
 from rest_framework import exceptions
 SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')
 class OperandHolder:
    def __init__(self, operator_class, op1_class, op2_class):
        self.operator_class = operator_class
        self.op1_class = op1_class
        self.op2_class = op2_class
    def __call__(self, *args, **kwargs):
        op1 = self.op1_class(*args, **kwargs)
        op2 = self.op2_class(*args, **kwargs)
        return self.operator_class(op1, op2)
 class AND:
    def __init__(self, op1, op2):
        self.op1 = op1
        self.op2 = op2
    def has_permission(self, request, view):
        return (
            self.op1.has_permission(request, view) &
            self.op2.has_permission(request, view)
        )
    def has_object_permission(self, request, view, obj):
        return (
            self.op1.has_object_permission(request, view, obj) &
            self.op2.has_object_permission(request, view, obj)
        )
 class OR:
    def __init__(self, op1, op2):
        self.op1 = op1
        self.op2 = op2
    def has_permission(self, request, view):
        return (
            self.op1.has_permission(request, view) |
            self.op2.has_permission(request, view)
        )
    def has_object_permission(self, request, view, obj):
        return (
            self.op1.has_object_permission(request, view, obj) |
            self.op2.has_object_permission(request, view, obj)
        )
 class BasePermissionMetaclass(type):
    def __and__(cls, other):
        return OperandHolder(AND, cls, other)
    def __or__(cls, other):
        return OperandHolder(OR, cls, other)
    def __rand__(cls, other):
        return OperandHolder(AND, other, cls)
    def __ror__(cls, other):
        return OperandHolder(OR, other, cls)
@six.add_metaclass(BasePermissionMetaclass)
 class BasePermission(object):
    """
    A base class from which all permission classes should inherit.
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@ -24,8 +24,8 @@ from django.utils.html import mark_safe
 from rest_framework import VERSION, exceptions, serializers, status
 from rest_framework.compat import (
-    INDENT_SEPARATORS, LONG_SEPARATORS, SHORT_SEPARATORS, coreapi,
+    INDENT_SEPARATORS, LONG_SEPARATORS, SHORT_SEPARATORS, coreapi, coreschema,
-    pygments_css
+    pygments_css, urlparse, yaml
 )
 from rest_framework.exceptions import ParseError
 from rest_framework.request import is_form_media_type, override_method
@ -932,3 +932,119 @@ class CoreJSONRenderer(BaseRenderer):
        indent = bool(renderer_context.get('indent', 0))
        codec = coreapi.codecs.CoreJSONCodec()
        return codec.dump(data, indent=indent)
 class _BaseOpenAPIRenderer:
    def get_schema(self, instance):
        CLASS_TO_TYPENAME = {
            coreschema.Object: 'object',
            coreschema.Array: 'array',
            coreschema.Number: 'number',
            coreschema.Integer: 'integer',
            coreschema.String: 'string',
            coreschema.Boolean: 'boolean',
        }
        schema = {}
        if instance.__class__ in CLASS_TO_TYPENAME:
            schema['type'] = CLASS_TO_TYPENAME[instance.__class__]
        schema['title'] = instance.title,
        schema['description'] = instance.description
        if hasattr(instance, 'enum'):
            schema['enum'] = instance.enum
        return schema
    def get_parameters(self, link):
        parameters = []
        for field in link.fields:
            if field.location not in ['path', 'query']:
                continue
            parameter = {
                'name': field.name,
                'in': field.location,
            }
            if field.required:
                parameter['required'] = True
            if field.description:
                parameter['description'] = field.description
            if field.schema:
                parameter['schema'] = self.get_schema(field.schema)
            parameters.append(parameter)
        return parameters
    def get_operation(self, link, name, tag):
        operation_id = "%s_%s" % (tag, name) if tag else name
        parameters = self.get_parameters(link)
        operation = {
            'operationId': operation_id,
        }
        if link.title:
            operation['summary'] = link.title
        if link.description:
            operation['description'] = link.description
        if parameters:
            operation['parameters'] = parameters
        if tag:
            operation['tags'] = [tag]
        return operation
    def get_paths(self, document):
        paths = {}
        tag = None
        for name, link in document.links.items():
            path = urlparse.urlparse(link.url).path
            method = link.action.lower()
            paths.setdefault(path, {})
            paths[path][method] = self.get_operation(link, name, tag=tag)
        for tag, section in document.data.items():
            for name, link in section.links.items():
                path = urlparse.urlparse(link.url).path
                method = link.action.lower()
                paths.setdefault(path, {})
                paths[path][method] = self.get_operation(link, name, tag=tag)
        return paths
    def get_structure(self, data):
        return {
            'openapi': '3.0.0',
            'info': {
                'version': '',
                'title': data.title,
                'description': data.description
            },
            'servers': [{
                'url': data.url
            }],
            'paths': self.get_paths(data)
        }
 class OpenAPIRenderer(_BaseOpenAPIRenderer):
    media_type = 'application/vnd.oai.openapi'
    charset = None
    format = 'openapi'
    def __init__(self):
        assert coreapi, 'Using OpenAPIRenderer, but `coreapi` is not installed.'
        assert yaml, 'Using OpenAPIRenderer, but `pyyaml` is not installed.'
    def render(self, data, media_type=None, renderer_context=None):
        structure = self.get_structure(data)
        return yaml.dump(structure, default_flow_style=False).encode('utf-8')
 class JSONOpenAPIRenderer(_BaseOpenAPIRenderer):
    media_type = 'application/vnd.oai.openapi+json'
    charset = None
    format = 'openapi-json'
    def __init__(self):
        assert coreapi, 'Using JSONOpenAPIRenderer, but `coreapi` is not installed.'
    def render(self, data, media_type=None, renderer_context=None):
        structure = self.get_structure(data)
        return json.dumps(structure, indent=4).encode('utf-8')
--- a/rest_framework/schemas/inspectors.py
+++ b/rest_framework/schemas/inspectors.py
@ -247,9 +247,11 @@ class AutoSchema(ViewInspector):
        method_docstring = getattr(view, method_name, None).__doc__
        if method_docstring:
            # An explicit docstring on the method or action.
-            return formatting.dedent(smart_text(method_docstring))
+            return self._get_description_section(view, method.lower(), formatting.dedent(smart_text(method_docstring)))
        else:
            return self._get_description_section(view, getattr(view, 'action', method.lower()), view.get_view_description())
-        description = view.get_view_description()
+    def _get_description_section(self, view, header, description):
        lines = [line for line in description.splitlines()]
        current_section = ''
        sections = {'': ''}
@ -263,7 +265,6 @@ class AutoSchema(ViewInspector):
        # TODO: SCHEMA_COERCE_METHOD_NAMES appears here and in `SchemaGenerator.get_keys`
        coerce_method_names = api_settings.SCHEMA_COERCE_METHOD_NAMES
        header = getattr(view, 'action', method.lower())
        if header in sections:
            return sections[header].strip()
        if header in coerce_method_names:
--- a/rest_framework/schemas/views.py
+++ b/rest_framework/schemas/views.py
@ -19,13 +19,12 @@ class SchemaView(APIView):
    def __init__(self, *args, **kwargs):
        super(SchemaView, self).__init__(*args, **kwargs)
        if self.renderer_classes is None:
            if renderers.BrowsableAPIRenderer in api_settings.DEFAULT_RENDERER_CLASSES:
            self.renderer_classes = [
-                    renderers.CoreJSONRenderer,
+                renderers.OpenAPIRenderer,
-                    renderers.BrowsableAPIRenderer,
+                renderers.CoreJSONRenderer
            ]
-            else:
+            if renderers.BrowsableAPIRenderer in api_settings.DEFAULT_RENDERER_CLASSES:
-                self.renderer_classes = [renderers.CoreJSONRenderer]
+                self.renderer_classes += [renderers.BrowsableAPIRenderer]
    def get(self, request, *args, **kwargs):
        schema = self.schema_generator.get_schema(request, self.public)
--- a/rest_framework/settings.py
+++ b/rest_framework/settings.py
@ -232,7 +232,7 @@ class APISettings(object):
        return val
    def __check_user_settings(self, user_settings):
-        SETTINGS_DOC = "http://www.django-rest-framework.org/api-guide/settings/"
+        SETTINGS_DOC = "https://www.django-rest-framework.org/api-guide/settings/"
        for setting in REMOVED_SETTINGS:
            if setting in user_settings:
                raise RuntimeError("The '%s' setting has been removed. Please refer to '%s' for available settings." % (setting, SETTINGS_DOC))
--- a/rest_framework/templates/rest_framework/admin.html
+++ b/rest_framework/templates/rest_framework/admin.html
@ -34,7 +34,7 @@
              <div class="container">
                <span>
                  {% block branding %}
-                    <a class='navbar-brand' rel="nofollow" href='http://www.django-rest-framework.org'>
+                    <a class='navbar-brand' rel="nofollow" href='https://www.django-rest-framework.org/'>
                      Django REST framework
                    </a>
                  {% endblock %}
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
@ -38,7 +38,7 @@
          <div class="container">
            <span>
              {% block branding %}
-                <a class='navbar-brand' rel="nofollow" href='http://www.django-rest-framework.org'>
+                <a class='navbar-brand' rel="nofollow" href='https://www.django-rest-framework.org/'>
                    Django REST framework
                </a>
              {% endblock %}
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@ -314,7 +314,7 @@ def smart_urlquote_wrapper(matched_url):
        return None
-@register.filter
+@register.filter(needs_autoescape=True)
 def urlize_quoted_links(text, trim_url_limit=None, nofollow=True, autoescape=True):
    """
    Converts any URLs in text into clickable links.
--- a/rest_framework/views.py
+++ b/rest_framework/views.py
@ -23,7 +23,7 @@ from rest_framework.utils import formatting
 def get_view_name(view):
    """
-    Given a view class, return a textual name to represent the view.
+    Given a view instance, return a textual name to represent the view.
    This name is used in the browsable API, and in OPTIONS responses.
    This function is the default for the `VIEW_NAME_FUNCTION` setting.
@ -48,7 +48,7 @@ def get_view_name(view):
 def get_view_description(view, html=False):
    """
-    Given a view class, return a textual description to represent the view.
+    Given a view instance, return a textual description to represent the view.
    This name is used in the browsable API, and in OPTIONS responses.
    This function is the default for the `VIEW_DESCRIPTION_FUNCTION` setting.
--- a/rest_framework/viewsets.py
+++ b/rest_framework/viewsets.py
@ -183,7 +183,8 @@ class ViewSetMixin(object):
            try:
                url_name = '%s-%s' % (self.basename, action.url_name)
                url = reverse(url_name, self.args, self.kwargs, request=self.request)
-                action_urls[action.name] = url
+                view = self.__class__(**action.kwargs)
                action_urls[view.get_view_name()] = url
            except NoReverseMatch:
                pass  # URL requires additional arguments, ignore
--- a/setup.py
+++ b/setup.py
@ -42,7 +42,7 @@ if sys.argv[-1] == 'publish':
 setup(
    name='djangorestframework',
    version=version,
-    url='http://www.django-rest-framework.org',
+    url='https://www.django-rest-framework.org/',
    license='BSD',
    description='Web APIs for Django, made easy.',
    long_description=read('README.md'),
--- a/tests/test_decorators.py
+++ b/tests/test_decorators.py
@ -179,7 +179,6 @@ class ActionDecoratorTestCase(TestCase):
        assert test_action.mapping == {'get': 'test_action'}
        assert test_action.detail is True
        assert test_action.name == 'Test action'
        assert test_action.url_path == 'test_action'
        assert test_action.url_name == 'test-action'
        assert test_action.kwargs == {
@ -213,6 +212,47 @@ class ActionDecoratorTestCase(TestCase):
        for name in APIView.http_method_names:
            assert test_action.mapping[name] == name
    def test_view_name_kwargs(self):
        """
        'name' and 'suffix' are mutually exclusive kwargs used for generating
        a view's display name.
        """
        # by default, generate name from method
        @action(detail=True)
        def test_action(request):
            raise NotImplementedError
        assert test_action.kwargs == {
            'description': None,
            'name': 'Test action',
        }
        # name kwarg supersedes name generation
        @action(detail=True, name='test name')
        def test_action(request):
            raise NotImplementedError
        assert test_action.kwargs == {
            'description': None,
            'name': 'test name',
        }
        # suffix kwarg supersedes name generation
        @action(detail=True, suffix='Suffix')
        def test_action(request):
            raise NotImplementedError
        assert test_action.kwargs == {
            'description': None,
            'suffix': 'Suffix',
        }
        # name + suffix is a conflict.
        with pytest.raises(TypeError) as excinfo:
            action(detail=True, name='test name', suffix='Suffix')
        assert str(excinfo.value) == "`name` and `suffix` are mutually exclusive arguments."
    def test_method_mapping(self):
        @action(detail=False)
        def test_action(request):
@ -223,7 +263,7 @@ class ActionDecoratorTestCase(TestCase):
            raise NotImplementedError
        # The secondary handler methods should not have the action attributes
-        for name in ['mapping', 'detail', 'name', 'url_path', 'url_name', 'kwargs']:
+        for name in ['mapping', 'detail', 'url_path', 'url_name', 'kwargs']:
            assert hasattr(test_action, name) and not hasattr(test_action_post, name)
    def test_method_mapping_already_mapped(self):
--- a/tests/test_fields.py
+++ b/tests/test_fields.py
@ -15,6 +15,7 @@ from django.utils.timezone import activate, deactivate, override, utc
 import rest_framework
 from rest_framework import exceptions, serializers
 from rest_framework.compat import ProhibitNullCharactersValidator
 from rest_framework.fields import DjangoImageField, is_simple_callable
 try:
@ -728,6 +729,17 @@ class TestCharField(FieldValues):
            field.run_validation('   ')
        assert exc_info.value.detail == ['This field may not be blank.']
    @pytest.mark.skipif(ProhibitNullCharactersValidator is None, reason="Skipped on Django < 2.0")
    def test_null_bytes(self):
        field = serializers.CharField()
        for value in ('\0', 'foo\0', '\0foo', 'foo\0foo'):
            with pytest.raises(serializers.ValidationError) as exc_info:
                field.run_validation(value)
            assert exc_info.value.detail == [
                'Null characters are not allowed.'
            ]
 class TestEmailField(FieldValues):
    """
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -2,6 +2,7 @@ from __future__ import unicode_literals
 import base64
 import unittest
 import warnings
 import django
 from django.contrib.auth.models import Group, Permission, User
@ -417,9 +418,23 @@ class ObjectPermissionsIntegrationTests(TestCase):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
    # Read list
    def test_django_object_permissions_filter_deprecated(self):
        with warnings.catch_warnings(record=True) as w:
            warnings.simplefilter("always")
            DjangoObjectPermissionsFilter()
        message = ("`DjangoObjectPermissionsFilter` has been deprecated and moved "
                   "to the 3rd-party django-rest-framework-guardian package.")
        self.assertEqual(len(w), 1)
        self.assertIs(w[-1].category, DeprecationWarning)
        self.assertEqual(str(w[-1].message), message)
    def test_can_read_list_permissions(self):
        request = factory.get('/', HTTP_AUTHORIZATION=self.credentials['readonly'])
        object_permissions_list_view.cls.filter_backends = (DjangoObjectPermissionsFilter,)
        # TODO: remove in version 3.10
        with warnings.catch_warnings(record=True):
            warnings.simplefilter("always")
            response = object_permissions_list_view(request)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data[0].get('id'), 1)
@ -427,6 +442,9 @@ class ObjectPermissionsIntegrationTests(TestCase):
    def test_cannot_read_list_permissions(self):
        request = factory.get('/', HTTP_AUTHORIZATION=self.credentials['writeonly'])
        object_permissions_list_view.cls.filter_backends = (DjangoObjectPermissionsFilter,)
        # TODO: remove in version 3.10
        with warnings.catch_warnings(record=True):
            warnings.simplefilter("always")
            response = object_permissions_list_view(request)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertListEqual(response.data, [])
@ -555,3 +573,44 @@ class IsAuthenticatedOrOptionsOnlyAllowedTests(TestCase):
        self.request = factory.get('/1', format='json', HTTP_AUTHORIZATION=credentials)
        response = options_view(self.request, pk=1)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
 class FakeUser:
    def __init__(self, auth=False):
        self.is_authenticated = auth
 class PermissionsCompositionTests(TestCase):
    def test_and_false(self):
        request = factory.get('/1', format='json')
        request.user = FakeUser(auth=False)
        composed_perm = permissions.IsAuthenticated & permissions.AllowAny
        assert composed_perm().has_permission(request, None) is False
    def test_and_true(self):
        request = factory.get('/1', format='json')
        request.user = FakeUser(auth=True)
        composed_perm = permissions.IsAuthenticated & permissions.AllowAny
        assert composed_perm().has_permission(request, None) is True
    def test_or_false(self):
        request = factory.get('/1', format='json')
        request.user = FakeUser(auth=False)
        composed_perm = permissions.IsAuthenticated | permissions.AllowAny
        assert composed_perm().has_permission(request, None) is True
    def test_or_true(self):
        request = factory.get('/1', format='json')
        request.user = FakeUser(auth=True)
        composed_perm = permissions.IsAuthenticated | permissions.AllowAny
        assert composed_perm().has_permission(request, None) is True
    def test_several_levels(self):
        request = factory.get('/1', format='json')
        request.user = FakeUser(auth=True)
        composed_perm = (
            permissions.IsAuthenticated &
            permissions.IsAuthenticated &
            permissions.IsAuthenticated &
            permissions.IsAuthenticated
        )
        assert composed_perm().has_permission(request, None) is True
--- a/tests/test_schemas.py
+++ b/tests/test_schemas.py
@ -114,6 +114,24 @@ class ExampleViewSet(ModelViewSet):
        assert self.action
        return super(ExampleViewSet, self).get_serializer(*args, **kwargs)
    @action(methods=['get', 'post'], detail=False)
    def documented_custom_action(self, request):
        """
        get:
        A description of the get method on the custom action.
        post:
        A description of the post method on the custom action.
        """
        pass
    @documented_custom_action.mapping.put
    def put_documented_custom_action(self, request, *args, **kwargs):
        """
        A description of the put method on the custom action from mapping.
        """
        pass
 if coreapi:
    schema_view = get_schema_view(title='Example API')
@ -161,6 +179,13 @@ class TestRouterGeneratedSchema(TestCase):
                            description='Custom description.',
                        )
                    },
                    'documented_custom_action': {
                        'read': coreapi.Link(
                            url='/example/documented_custom_action/',
                            action='get',
                            description='A description of the get method on the custom action.',
                        )
                    },
                    'read': coreapi.Link(
                        url='/example/{id}/',
                        action='get',
@ -263,6 +288,33 @@ class TestRouterGeneratedSchema(TestCase):
                            description='Deletion description.',
                        ),
                    },
                    'documented_custom_action': {
                        'read': coreapi.Link(
                            url='/example/documented_custom_action/',
                            action='get',
                            description='A description of the get method on the custom action.',
                        ),
                        'create': coreapi.Link(
                            url='/example/documented_custom_action/',
                            action='post',
                            description='A description of the post method on the custom action.',
                            encoding='application/json',
                            fields=[
                                coreapi.Field('a', required=True, location='form', schema=coreschema.String(title='A', description='A field description')),
                                coreapi.Field('b', required=False, location='form', schema=coreschema.String(title='B'))
                            ]
                        ),
                        'update': coreapi.Link(
                            url='/example/documented_custom_action/',
                            action='put',
                            description='A description of the put method on the custom action from mapping.',
                            encoding='application/json',
                            fields=[
                                coreapi.Field('a', required=True, location='form', schema=coreschema.String(title='A', description='A field description')),
                                coreapi.Field('b', required=False, location='form', schema=coreschema.String(title='B'))
                            ]
                        ),
                    },
                    'update': coreapi.Link(
                        url='/example/{id}/',
                        action='put',
@ -548,6 +600,13 @@ class TestSchemaGeneratorWithMethodLimitedViewSets(TestCase):
                            description='Custom description.',
                        )
                    },
                    'documented_custom_action': {
                        'read': coreapi.Link(
                            url='/example1/documented_custom_action/',
                            action='get',
                            description='A description of the get method on the custom action.',
                        ),
                    },
                    'read': coreapi.Link(
                        url='/example1/{id}/',
                        action='get',
--- a/tests/test_templatetags.py
+++ b/tests/test_templatetags.py
@ -3,6 +3,7 @@ from __future__ import unicode_literals
 import unittest
 from django.template import Context, Template
 from django.test import TestCase
 from rest_framework.compat import coreapi, coreschema
@ -304,6 +305,16 @@ class URLizerTests(TestCase):
            '&quot;foo_set&quot;: [\n    &quot;<a href="http://api/foos/1/">http://api/foos/1/</a>&quot;\n], '
        self._urlize_dict_check(data)
    def test_template_render_with_noautoescape(self):
        """
        Test if the autoescape value is getting passed to urlize_quoted_links filter.
        """
        template = Template("{% load rest_framework %}"
                            "{% autoescape off %}{{ content|urlize_quoted_links }}"
                            "{% endautoescape %}")
        rendered = template.render(Context({'content': '"http://example.com"'}))
        assert rendered == '"<a href="http://example.com" rel="nofollow">http://example.com</a>"'
@unittest.skipUnless(coreapi, 'coreapi is not installed')
 class SchemaLinksTests(TestCase):
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@ -52,6 +52,14 @@ class ResourceViewSet(ModelViewSet):
    def detail_action(self, request, *args, **kwargs):
        raise NotImplementedError
    @action(detail=True, name='Custom Name')
    def named_action(self, request, *args, **kwargs):
        raise NotImplementedError
    @action(detail=True, suffix='Custom Suffix')
    def suffixed_action(self, request, *args, **kwargs):
        raise NotImplementedError
 router = SimpleRouter()
 router.register(r'resources', ResourceViewSet)
@ -145,6 +153,24 @@ class BreadcrumbTests(TestCase):
            ('Detail action', '/resources/1/detail_action/'),
        ]
    def test_modelviewset_action_name_kwarg(self):
        url = '/resources/1/named_action/'
        assert get_breadcrumbs(url) == [
            ('Root', '/'),
            ('Resource List', '/resources/'),
            ('Resource Instance', '/resources/1/'),
            ('Custom Name', '/resources/1/named_action/'),
        ]
    def test_modelviewset_action_suffix_kwarg(self):
        url = '/resources/1/suffixed_action/'
        assert get_breadcrumbs(url) == [
            ('Root', '/'),
            ('Resource List', '/resources/'),
            ('Resource Instance', '/resources/1/'),
            ('Resource Custom Suffix', '/resources/1/suffixed_action/'),
        ]
 class JsonFloatTests(TestCase):
    """
--- a/tests/test_viewsets.py
+++ b/tests/test_viewsets.py
@ -63,9 +63,28 @@ class ActionViewSet(GenericViewSet):
        raise NotImplementedError
 class ActionNamesViewSet(GenericViewSet):
    def retrieve(self, request, *args, **kwargs):
        return Response()
    @action(detail=True)
    def unnamed_action(self, request, *args, **kwargs):
        raise NotImplementedError
    @action(detail=True, name='Custom Name')
    def named_action(self, request, *args, **kwargs):
        raise NotImplementedError
    @action(detail=True, suffix='Custom Suffix')
    def suffixed_action(self, request, *args, **kwargs):
        raise NotImplementedError
 router = SimpleRouter()
 router.register(r'actions', ActionViewSet)
 router.register(r'actions-alt', ActionViewSet, basename='actions-alt')
 router.register(r'names', ActionNamesViewSet, basename='names')
 urlpatterns = [
@ -172,6 +191,19 @@ class GetExtraActionUrlMapTests(TestCase):
    def test_uninitialized_view(self):
        self.assertEqual(ActionViewSet().get_extra_action_url_map(), OrderedDict())
    def test_action_names(self):
        # Action 'name' and 'suffix' kwargs should be respected
        response = self.client.get('/api/names/1/')
        view = response.renderer_context['view']
        expected = OrderedDict([
            ('Custom Name', 'http://testserver/api/names/1/named_action/'),
            ('Action Names Custom Suffix', 'http://testserver/api/names/1/suffixed_action/'),
            ('Unnamed action', 'http://testserver/api/names/1/unnamed_action/'),
        ])
        self.assertEqual(view.get_extra_action_url_map(), expected)
@override_settings(ROOT_URLCONF='tests.test_viewsets')
 class ReverseActionTests(TestCase):