summaryrefslogtreecommitdiff
path: root/docs/whatsnew-2.0.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/whatsnew-2.0.rst')
-rw-r--r--docs/whatsnew-2.0.rst91
1 files changed, 81 insertions, 10 deletions
diff --git a/docs/whatsnew-2.0.rst b/docs/whatsnew-2.0.rst
index 906529d6b..8685d9629 100644
--- a/docs/whatsnew-2.0.rst
+++ b/docs/whatsnew-2.0.rst
@@ -1,22 +1,93 @@
What's New in Pyramid 2.0
=========================
-This article explains the new features in :app:`Pyramid` version 2.0 as
-compared to its predecessor, :app:`Pyramid` 1.10. It also documents backwards
-incompatibilities between the two versions and deprecations added to
-:app:`Pyramid` 2.0, as well as software dependency changes and notable
-documentation additions.
+This article explains the new features in :app:`Pyramid` version 2.0 as compared to its predecessor, :app:`Pyramid` 1.10.
+It also documents backwards incompatibilities between the two versions and deprecations added to :app:`Pyramid` 2.0, as well as software dependency changes and notable documentation additions.
+
+.. note::
+
+ This is the first release of :app:`Pyramid` that does not support Python 2, which is now End-of-Life and no longer receiving critical security updates by the PSF.
Feature Additions
-----------------
The feature additions in Pyramid 2.0 are as follows:
-- The authentication and authorization policies of Pyramid 1.x have been merged
- into a single :term:`security policy` in Pyramid 2.0. For details on how to
- migrate to the new security policy, see :ref:`upgrading_auth`.
- Authentication and authorization policies can still be used and will continue
- to function normally for the time being.
+- The authentication and authorization policies of Pyramid 1.x have been merged into a single :term:`security policy` in Pyramid 2.0.
+ For details on how to migrate to the new security policy, see :ref:`upgrading_auth`.
+ Authentication and authorization policies can still be used and will continue to function normally for the time being.
+
+ New security APIs have been added to support an overhaul of the authentication and authorization system.
+ Read :ref:`upgrading_auth` for information about using this new system.
+
+ - :meth:`pyramid.config.Configurator.set_security_policy`
+ - :class:`pyramid.interfaces.ISecurityPolicy`
+ - :attr:`pyramid.request.Request.authenticated_identity`
+ - :class:`pyramid.authentication.AuthTktCookieHelper` (available in Pyramid 1.x)
+ - :class:`pyramid.authentication.SessionAuthenticationHelper`
+ - :class:`pyramid.authorization.ACLHelper`
+
+ See https://github.com/Pylons/pyramid/pull/3465
+
+- Changed the default ``serializer`` on :class:`pyramid.session.SignedCookieSessionFactory` to use :class:`pyramid.session.JSONSerializer` instead of :class:`pyramid.session.PickleSerializer`.
+ Read "Changes to ISession in Pyramid 2.0" in the "Sessions" chapter of the documentation for more information about why this change was made.
+ See https://github.com/Pylons/pyramid/pull/3413
+
+- It is now possible to control whether a route pattern contains a trailing
+ slash when it is composed with a route prefix using
+ ``config.include(..., route_prefix=...)`` or
+ ``with config.route_prefix_context(...)``. This can be done by specifying
+ an empty pattern and setting the new argument
+ ``inherit_slash=True``. For example:
+
+ .. code-block:: python
+
+ with config.route_prefix_context('/users'):
+ config.add_route('users', '', inherit_slash=True)
+
+ In the example, the resulting pattern will be ``/users``. Similarly, if the
+ route prefix were ``/users/`` then the final pattern would be ``/users/``.
+ If the ``pattern`` was ``'/'``, then the final pattern would always be
+ ``/users/``. This new setting is only available if the pattern supplied
+ to ``add_route`` is the empty string (``''``).
+ See https://github.com/Pylons/pyramid/pull/3420
+
+- A new parameter, ``allow_no_origin``, was added to :meth:`pyramid.config.Configurator.set_default_csrf_options` as well as :func:`pyramid.csrf.check_csrf_origin`.
+ This option controls whether a request is rejected if it has no ``Origin`` or ``Referer`` header - often the result of a user configuring their browser not to send a ``Referer`` header for privacy reasons even on same-domain requests.
+ The default is to reject requests without a known origin.
+ It is also possible to allow the special ``Origin: null`` header by adding it to the ``pyramid.csrf_trusted_origins`` list in the settings.
+ See https://github.com/Pylons/pyramid/pull/3512 and https://github.com/Pylons/pyramid/pull/3518
+
+- A new parameter, ``check_origin``, was added to :meth:`pyramid.config.Configurator.set_default_csrf_options` which disables origin checking entirely.
+ See https://github.com/Pylons/pyramid/pull/3518
+
+- Added :class:`pyramid.interfaces.IPredicateInfo` which defines the object passed to predicate factories as their second argument.
+ See https://github.com/Pylons/pyramid/pull/3514
+
+- Added support for serving pre-compressed static assets by using the ``content_encodings`` argument of :meth:`pyramid.config.Configurator.add_static_view` and :func:`pyramid.static.static_view`.
+ See https://github.com/Pylons/pyramid/pull/3537
+
+- Fix ``DeprecationWarning`` emitted by using the ``imp`` module.
+ See https://github.com/Pylons/pyramid/pull/3553
+
+- Properties created via ``config.add_request_method(..., property=True)`` or ``request.set_property`` used to be readonly.
+ They can now be overridden via ``request.foo = ...`` and until the value is deleted it will return the overridden value.
+ This is most useful when mocking request properties in testing.
+ See https://github.com/Pylons/pyramid/pull/3559
+
+- Finished callbacks are now executed as part of the ``closer`` that is invoked as part of :func:`pyramid.scripting.prepare` and :func:`pyramid.paster.bootstrap`.
+ See https://github.com/Pylons/pyramid/pull/3561
+
+- Added :class:`pyramid.request.RequestLocalCache` which can be used to create simple objects that are shared across requests and can be used to store per-request data.
+ This is useful when the source of data is external to the request itself.
+ Often a reified property is used on a request via :meth:`pyramid.config.Configurator.add_request_method`, or :class:`pyramid.decorator.reify`.
+ These work great when the data is generated on-demand when accessing the request property.
+ However, often the case is that the data is generated when accessing some other system
+ and then we want to cache the data for the duration of the request.
+ See https://github.com/Pylons/pyramid/pull/3561
+
+- Exposed :data:`pyramid.authorization.ALL_PERMISSIONS` and :data:`pyramid.authorization.DENY_ALL` such that all of the ACL-related constants are now importable from the ``pyramid.authorization`` namespace.
+ See https://github.com/Pylons/pyramid/pull/3563
Deprecations
------------
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-10 22:01:55 +0000