authorMichael Merickel <michael@merickel.org>2016-04-16 15:39:27 -0500
committerMichael Merickel <michael@merickel.org>2016-04-16 15:39:27 -0500
commit3d5dbd2c599fc724ebf105708f75d8768530e855 (patch)
treeca72bc8fe8d6b01fe1642eaa37f7d4fd0dcac1ad
parent8ceb14f9fe014fd18a12ec3f3da7099cbed15c28 (diff)
drop py27-only features at least temporarily
call me nostalgic
-rw-r--r--pyramid/session.py2
-rw-r--r--pyramid/viewderivers.py4
2 files changed, 4 insertions, 2 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index 2cc303558..36ebc2f00 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -182,7 +182,7 @@ def check_csrf_origin(request, trusted_origins=None, raises=True):
"pyramid.csrf_trusted_origins", [])
)
- if request.host_port not in {80, 443}:
+ if request.host_port not in set([80, 443]):
trusted_origins.append("{0.domain}:{0.host_port}".format(request))
else:
trusted_origins.append(request.domain)
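Review bot: The membership test on `request.host_port` compares against the integers 80 and 443, but WebOb's `host_port` is a string such as `'443'`, so if that holds here the condition is always true and the `else` branch that appends the bare `request.domain` is never reached. On default ports the trusted origin would then be `domain:80` or `domain:443`, which may not match an Origin or Referer netloc that omits the port, so legitimate same-origin requests could be rejected. Comparing against strings fixes it: `if request.host_port not in set(["80", "443"]):`. The body of check_csrf_origin starts and ends outside this hunk, so how the list is matched against the header is not visible here.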
diff --git a/pyramid/viewderivers.py b/pyramid/viewderivers.py
index c6152e382..d5a5c480a 100644
--- a/pyramid/viewderivers.py
+++ b/pyramid/viewderivers.py
@@ -477,6 +477,8 @@ def _parse_csrf_setting(val, error_source):
.format(error_source))
return val
+SAFE_REQUEST_METHODS = frozenset(["GET", "HEAD", "OPTIONS", "TRACE"])
+
def csrf_view(view, info):
default_val = _parse_csrf_setting(
info.settings.get('pyramid.require_default_csrf'),
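Review bot: `SAFE_REQUEST_METHODS` is added without a comment, although membership in it decides whether a request is exempt from CSRF checking. A one-line comment above it would record where the list comes from and what it controls, for example `# Methods defined as safe by RFC 7231 section 4.2.1; requests using them skip the CSRF checks in csrf_view.` If the name is not meant to be imported by other modules, `_SAFE_REQUEST_METHODS` would keep it out of the module's public surface. The body of csrf_view continues outside this hunk.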
@@ -493,7 +495,7 @@ def csrf_view(view, info):
def csrf_view(context, request):
# Assume that anything not defined as 'safe' by RFC2616 needs
# protection
- if request.method not in {"GET", "HEAD", "OPTIONS", "TRACE"}:
+ if request.method not in SAFE_REQUEST_METHODS:
check_csrf_origin(request, raises=True)
check_csrf_token(request, val, raises=True)
return view(context, request)
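Review bot: The comment above the method test says what needs protection but not what follows for the exempt methods: a request whose method is in `SAFE_REQUEST_METHODS` reaches `view` without `check_csrf_origin` or `check_csrf_token` being run. I would extend the comment with `# Views that change state must therefore not be reachable via GET, HEAD, OPTIONS or TRACE.` The comparison is case-sensitive, so a method string that is not upper-case falls into the checked branch, which fails closed; that is worth a word in the same comment. The outer csrf_view starts outside this hunk.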