Merge branch 'master' into 1.4-branch

author: Chris McDonough <chrism@plope.com> 2012-09-19 04:46:41 -0400
committer: Chris McDonough <chrism@plope.com> 2012-09-19 04:46:41 -0400
commit: 68c60204490ba104c592d4de322ce21bdf6df0d3 (patch)
tree: 799aa2aef543aa4c9c22227d3416d74dd0df4c10 /docs/whatsnew-1.4.rst
parent: 68c25d39f9c0531be2916ad433904c7247c0f5c7 (diff)
parent: 643a83473a6faabd0ff08547a0cbca09e9cdda1c (diff)
download: pyramid-68c60204490ba104c592d4de322ce21bdf6df0d3.tar.gz
pyramid-68c60204490ba104c592d4de322ce21bdf6df0d3.tar.bz2
pyramid-68c60204490ba104c592d4de322ce21bdf6df0d3.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/whatsnew-1.4.rst b/docs/whatsnew-1.4.rst
index 76320f6e6..86bfc7c0a 100644
--- a/docs/whatsnew-1.4.rst
+++ b/docs/whatsnew-1.4.rst
@@ -156,6 +156,12 @@ Minor Feature Additions
 - A new :func:`pyramid.session.check_csrf_token` convenience API function was
   added.
 
+- A ``check_csrf`` view predicate was added.  For example, you can now do
+  ``config.add_view(someview, check_csrf=True)``.  When the predicate is
+  checked, if the ``csrf_token`` value in ``request.params`` matches the csrf
+  token in the request's session, the view will be permitted to execute.
+  Otherwise, it will not be permitted to execute.
+
 Backwards Incompatibilities
 ---------------------------
author	Chris McDonough <chrism@plope.com>	2012-09-19 04:46:41 -0400
committer	Chris McDonough <chrism@plope.com>	2012-09-19 04:46:41 -0400
commit	68c60204490ba104c592d4de322ce21bdf6df0d3 (patch)
tree	799aa2aef543aa4c9c22227d3416d74dd0df4c10 /docs/whatsnew-1.4.rst
parent	68c25d39f9c0531be2916ad433904c7247c0f5c7 (diff)
parent	643a83473a6faabd0ff08547a0cbca09e9cdda1c (diff)
download	pyramid-68c60204490ba104c592d4de322ce21bdf6df0d3.tar.gz pyramid-68c60204490ba104c592d4de322ce21bdf6df0d3.tar.bz2 pyramid-68c60204490ba104c592d4de322ce21bdf6df0d3.zip