diff options
Diffstat (limited to 'docs/whatsnew-1.4.rst')
| -rw-r--r-- | docs/whatsnew-1.4.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/whatsnew-1.4.rst b/docs/whatsnew-1.4.rst index 76320f6e6..86bfc7c0a 100644 --- a/docs/whatsnew-1.4.rst +++ b/docs/whatsnew-1.4.rst @@ -156,6 +156,12 @@ Minor Feature Additions - A new :func:`pyramid.session.check_csrf_token` convenience API function was added. +- A ``check_csrf`` view predicate was added. For example, you can now do + ``config.add_view(someview, check_csrf=True)``. When the predicate is + checked, if the ``csrf_token`` value in ``request.params`` matches the csrf + token in the request's session, the view will be permitted to execute. + Otherwise, it will not be permitted to execute. + Backwards Incompatibilities --------------------------- |