author Chris McDonough <chrism@plope.com> 2012-09-19 04:48:14 -0400
committer Chris McDonough <chrism@plope.com> 2012-09-19 04:48:14 -0400
commit 80cd0b1ab6b97c99863db045a2dda984e006c3b9
tree f591cabd04e88017f5e3e0cd2dc467d2e366f886
parent 68c60204490ba104c592d4de322ce21bdf6df0d3
garden
-rw-r--r-- CHANGES.txt 5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index e08a69b84..58e484a92 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -6,6 +6,11 @@ Features
- A new ``pyramid.session.check_csrf_token`` convenience function was added.
+- A ``check_csrf`` view predicate was added. For example, you can now do
+ ``config.add_view(someview, check_csrf=True)``. When the predicate is
+ checked, if the ``csrf_token`` value in ``request.params`` matches the CSRF
+ token in the request's session, the view will be permitted to execute.
+ Otherwise, it will not be permitted to execute.
1.4a1 (2012-09-16)
==================
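Review bot: The last two added lines ("the view will be permitted to execute. Otherwise, it will not be permitted to execute.") leave the failure behaviour unspecified. Because ``check_csrf`` is a view predicate rather than a check made inside the view, the entry should say what a request with a missing or mismatched ``csrf_token`` receives: does view lookup fall through to another view registered for the same route or context, or does the client get an error response? The entry also says the token is read from ``request.params``, which covers the query string as well as the POST body, so a token carried in a URL would be accepted and can end up in server logs and Referer headers; state whether that is intended, and if so recommend that forms submit the token in the body. A cross-reference to ``pyramid.session.check_csrf_token`` from the preceding entry would show how the two features relate. Separately, the commit message "garden" does not describe a change that announces a security-relevant feature.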