diff options
| author | Michael Merickel <michael@merickel.org> | 2019-09-30 15:43:38 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2019-09-30 15:43:38 -0500 |
| commit | d7d3512268f5404535d6504c45664aacb31c36a9 (patch) | |
| tree | 6612edd09f1d0f9cf19335367952db474908974f | |
| parent | 502149ae3694bcb8eefb42974e84a5bf603aaebb (diff) | |
| download | pyramid-d7d3512268f5404535d6504c45664aacb31c36a9.tar.gz pyramid-d7d3512268f5404535d6504c45664aacb31c36a9.tar.bz2 pyramid-d7d3512268f5404535d6504c45664aacb31c36a9.zip | |
add changelog for #3512
| -rw-r--r-- | CHANGES.rst | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index 5f83d7c4f..bf113ddd8 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -38,6 +38,14 @@ Features - Improve debugging info from ``pyramid.view.view_config`` decorator. See https://github.com/Pylons/pyramid/pull/3483 +- A new parameter, ``allow_no_origin``, was added to + ``pyramid.config.Configurator.set_default_csrf_options`` as well as + ``pyramid.csrf.check_csrf_origin``. This option controls whether a + request is rejected if it has no ``Origin`` or ``Referer`` header - + often the result of a configuring their browser not to send a + ``Referer`` header for privacy reasons. + See https://github.com/Pylons/pyramid/pull/3512 + Deprecations ------------ |