pyramid/docs, branch main Pyramid web framework (fork of https://github.com/Pylons/pyramid). Remove the usage of deprecated 'sqlalchemy.MetaData.bind' attribute 2024-12-06T07:00:45+00:00 Nguyễn Hoàng Anh Duy me@duynha.dev 2024-12-06T02:54:38+00:00 a254f1d7bd23345d477d21bf83d201f9622ba835 






chore: remove 'retail_forms' fossil
2024-06-10T01:15:03+00:00

Tres Seaver
tseaver@palladion.com

2024-06-10T01:15:03+00:00

1ebd9884e712463057de38fb4948a56c0c0982c5

Ten years on, it has never landed in the generated docs.





Ten years on, it has never landed in the generated docs.







fix: store 'came_from' information in the session
2024-06-10T01:11:38+00:00

Tres Seaver
tseaver@palladion.com

2024-06-10T01:04:45+00:00

e72d437280d39bf8a8f3f62c6987268537ad5b11

- As with the previous commit, we want to avoid trusting user-supplied data
  from the query string or form parameters when constructing redirect URLs.

- Storing the route name and matchdict for the view being forbidden in
  the session allows us to construct the redirect URL on successful
  login cleanly.

- In order to clarify that the logic of storing the 'came from'
  information is separate from rendering or processing the login form,
  this PR splits the `@forbidden_view` mapping onto a separate view function.





- As with the previous commit, we want to avoid trusting user-supplied data
  from the query string or form parameters when constructing redirect URLs.

- Storing the route name and matchdict for the view being forbidden in
  the session allows us to construct the redirect URL on successful
  login cleanly.

- In order to clarify that the logic of storing the 'came from'
  information is separate from rendering or processing the login form,
  this PR splits the `@forbidden_view` mapping onto a separate view function.







docs: remove 'came_from' from login view
2024-06-10T01:09:19+00:00

Tres Seaver
tseaver@palladion.com

2024-06-09T20:28:34+00:00

c9235146e0102d03bb4548711cd0b3b0637d81fa

- The narrative doesn't discuss this (mis-)feature.

- Without any authorization, there is no meaninful reason to remember
  the 'previous' page.

- As a general rule, we want to avoid trusting user-supplied data (i.e.,
  from the query string or form params) when constructing redirect URLs.





- The narrative doesn't discuss this (mis-)feature.

- Without any authorization, there is no meaninful reason to remember
  the 'previous' page.

- As a general rule, we want to avoid trusting user-supplied data (i.e.,
  from the query string or form params) when constructing redirect URLs.







Merge pull request #3753 from wainuiomata/security-docs-self-missing
2024-03-03T23:38:59+00:00

Michael Merickel
github@m.merickel.org

2024-03-03T23:38:59+00:00

72f61853beda8e21b669c3520e43fe3e5b224ba3

docs: missing self in SessionSecurityPolicy example




docs: missing self in SessionSecurityPolicy example






docs: fix typo in whatsnew MySecurityPolicy should be 'is'
2024-03-02T01:47:36+00:00

Rob van der Linde
robvdl@gmail.com

2024-03-02T01:47:36+00:00

294634e2739fbf44e0078cd259b45d236efde738












docs: missing self in SessionSecurityPolicy example
2024-03-01T23:52:34+00:00

Rob van der Linde
robvdl@gmail.com

2024-03-01T23:50:41+00:00

3a59cfef972463e6fa2512359fdfbbef5d1d9c35












add changelog for #3747 and #3751
2024-02-08T04:08:16+00:00

Michael Merickel
michael@merickel.org

2024-02-08T04:08:16+00:00

0441e47ae10f8e2006fd56860c90e96de30f6dec












Merge pull request #3747 from Pylons/wiki2-sqla-2.0
2024-02-08T04:02:40+00:00

Michael Merickel
github@m.merickel.org

2024-02-08T04:02:40+00:00

03e2e439f263aca7d4efa8173c0bbc4aacb8a3c2

upgrade the wiki2 tutorial with the new cookiecutter updates




upgrade the wiki2 tutorial with the new cookiecutter updates






sync language from zodb tutorial for test sections
2024-02-08T03:52:33+00:00

Michael Merickel
michael@merickel.org

2024-02-08T03:52:33+00:00

222386e96a1711b6215f64ea809a9f4a7a8c2202