diff options
| author | Chris McDonough <chrism@plope.com> | 2013-06-05 06:04:58 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2013-06-05 06:04:58 -0400 |
| commit | 806063db53955a94ff52aa42fe38bc30a851c166 (patch) | |
| tree | a4e095937aff27abea18ea524724f4129027edd1 /CHANGES.txt | |
| parent | 92f0934ee4259a9b5d0f2c58228067103855be40 (diff) | |
| parent | fab8454294b6271c727a0251c78b5f55df5788bf (diff) | |
| download | pyramid-806063db53955a94ff52aa42fe38bc30a851c166.tar.gz pyramid-806063db53955a94ff52aa42fe38bc30a851c166.tar.bz2 pyramid-806063db53955a94ff52aa42fe38bc30a851c166.zip | |
Merge branch 'lukecyca-master'
Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index a471addce..6a26879a3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -29,6 +29,11 @@ Features ``initialize_myapp_db etc/development.ini a=1 b=2``. See https://github.com/Pylons/pyramid/pull/911 +- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view + predicate now take into account the value of the HTTP header named + ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they + always did). The header is tried when the form parameter does not exist. + Bug Fixes --------- |