diff options
| author | Matthew Wilkes <git@matthewwilkes.name> | 2016-12-05 12:16:26 +0100 |
|---|---|---|
| committer | Matthew Wilkes <git@matthewwilkes.name> | 2017-04-12 12:13:45 +0100 |
| commit | a2c7c7a49bceeaaab2853e7e73c3671979d4c9ed (patch) | |
| tree | bdc3640fad15bc3ea257df26399ff8aaaee14bd1 /CHANGES.txt | |
| parent | 387993115ee777784654c95d9f2f8d8ce7c4f5e4 (diff) | |
| download | pyramid-a2c7c7a49bceeaaab2853e7e73c3671979d4c9ed.tar.gz pyramid-a2c7c7a49bceeaaab2853e7e73c3671979d4c9ed.tar.bz2 pyramid-a2c7c7a49bceeaaab2853e7e73c3671979d4c9ed.zip | |
Create a new ICSRF implementation for getting CSRF tokens, split out from the session machinery.
Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation.
Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index c8a87f625..9d6264688 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -24,6 +24,14 @@ Features can be alleviated by invoking ``config.begin()`` and ``config.end()`` appropriately. See https://github.com/Pylons/pyramid/pull/2989 +- A new CSRF implementation, :class:`pyramid.csrf.SessionCSRF` has been added, + which deleagates all CSRF generation to the current session, following the + old API for this. A ``get_csrf_token()`` method is now available in template + global scope, to make it easy for template developers to get the current CSRF + token without adding it to Python code. + See https://github.com/Pylons/pyramid/pull/2854 + + Bug Fixes --------- @@ -50,3 +58,7 @@ Backward Incompatibilities Documentation Changes --------------------- + +- Retrieving CSRF token from the session has been deprecated, in favor of + equivalent methods in :mod:`pyramid.csrf`. + See https://github.com/Pylons/pyramid/pull/2854 |