| Age | Commit message | Author | |
|---|---|---|---|
| 2017-04-30 | Merge pull request #3019 from mmerickel/fixes/csrf-decoupling-2854 | Michael Merickel | |
| Decouple CSRF protection from the session machinery (replaced #2854) | |||
| 2017-04-30 | Merge branch 'master' into pr/2854 | Michael Merickel | |
| 2017-04-30 | restore the ``ICSRFStoragePolicy.check_csrf_token`` api | Michael Merickel | |
| 2017-04-29 | add changelog for #2874 | Michael Merickel | |
| 2017-04-29 | Merge pull request #2874 from mmerickel/config-context-manager | Michael Merickel | |
| turn the Configurator into a context manager | |||
| 2017-04-29 | final cleanup of csrf decoupling in #2854 | Michael Merickel | |
| - Renamed `SessionCSRFStoragePolicy` to `LegacySessionCSRFStoragePolicy` for the version that uses the legacy `ISession.get_csrf_token` and `ISession.new_csrf_token` apis and set that as the default. - Added new `SessionCSRFStoragePolicy` that stores data in the session similar to how the `SessionAuthenticationPolicy` works. - `CookieCSRFStoragePolicy` did not properly return the newly generated token from `get_csrf_token` after calling `new_csrf_token`. It needed to cache the new value since the response callback does not affect the current request. - `CookieCSRFStoragePolicy` was not forwarding the `domain` value to the `CookieProfile` causing that setting to be ignored. - Removed `check_csrf_token` from the `ICSRFStoragePolicy` interface to simplify implementations of storage policies. - Added an introspectable item for the configured storage policy so that it appears on the debugtoolbar. - Added a change note on `ISession` that it no longer required the csrf methods. - Leave deprecated shims in ``pyramid.session`` for ``check_csrf_origin`` and ``check_csrf_token``. | |||
| 2017-04-28 | Merge pull request #3017 from stevepiercy/master | Steve Piercy | |
| update cookiecutter README.txt throughout docs | |||
| 2017-04-28 | update cookiecutter README.txt throughout docs | Steve Piercy | |
| - https://github.com/Pylons/pyramid-cookiecutter-starter/pull/28 - https://github.com/Pylons/pyramid-cookiecutter-zodb/pull/7 - https://github.com/Pylons/pyramid-cookiecutter-alchemy/pull/8 | |||
| 2017-04-27 | Merge pull request #3016 from Natim/fix-rest-example | Bert JW Regeer | |
| Fix underlined title. | |||
| 2017-04-27 | Fix underlined title. | Rémy HUBSCHER | |
| 2017-04-26 | Move CSRF storage policy registration out of PHASE_1 config and simplify ↵ | Matthew Wilkes | |
| tests given previous improvements to CSRF. | |||
| 2017-04-26 | Apply drafting changes to documentation. | Matthew Wilkes | |
| 2017-04-24 | Merge pull request #3012 from stevepiercy/master | Steve Piercy | |
| update user prompt for cookiecutter repo_name | |||
| 2017-04-23 | update user prompt for cookiecutter repo_name | Steve Piercy | |
| - refs: https://github.com/Pylons/pyramid-cookiecutter-starter/pull/27#issuecomment-296507821 | |||
| 2017-04-19 | Merge pull request #2995 from jeremy886/master | Michael Merickel | |
| change cgi.escape to pyramid compat.escape | |||
| 2017-04-19 | Merge pull request #3007 from jeremy886/patch-2 | Michael Merickel | |
| Update CONTRIBUTORS.txt | |||
| 2017-04-19 | Update CONTRIBUTORS.txt | Jeremy Chen | |
| 2017-04-17 | Merge pull request #3004 from stevepiercy/master | Steve Piercy | |
| fix rst syntax for index entries | |||
| 2017-04-17 | fix rst syntax for index entries | Steve Piercy | |
| 2017-04-16 | Merge pull request #3001 from whiteroses/fix-typo | Steve Piercy | |
| Fix typo in comment. | |||
| 2017-04-16 | Fix typo in comment. | Ira Lun | |
| 2017-04-15 | Merge pull request #2996 from whiteroses/fix-typo | Steve Piercy | |
| Fix a typo in a comment. | |||
| 2017-04-15 | Fix a typo in a comment. | Ira Lun | |
| 2017-04-15 | Update default.py | Jeremy Chen | |
| 2017-04-15 | Update default.py | Jeremy Chen | |
| 2017-04-15 | Update default.py | Jeremy Chen | |
| 2017-04-15 | Update default.py | Jeremy Chen | |
| 2017-04-15 | Merge remote-tracking branch 'Pylons/master' | Jeremy Chen | |
| 2017-04-12 | add version tags on set_default_csrf_options | Michael Merickel | |
| 2017-04-12 | forward port some history changes from 1.8-branch | Michael Merickel | |
| 2017-04-12 | docs syntax fix | Michael Merickel | |
| 2017-04-12 | Use the webob CookieProfile in the Cookie implementation, rename some ↵ | Matthew Wilkes | |
| implementations based on feedback, split CSRF implementation and option configuration and make the csrf token function exposed as a system default rather than a renderer event. | |||
| 2017-04-12 | Fix a bug where people that didn't configure CSRF protection but did ↵ | Matthew Wilkes | |
| configure a session and set explicit checks would see an exception | |||
| 2017-04-12 | Rename implementation to ICSRFStoragePolicy | Matthew Wilkes | |
| 2017-04-12 | add to contributors list | Jure Cerjak | |
| 2017-04-12 | Fix tests and documentation in various places, and feedback following review | Jure Cerjak | |
| regarding naming of variables and code cleanup. | |||
| 2017-04-12 | Create a new ICSRF implementation for getting CSRF tokens, split out from ↵ | Matthew Wilkes | |
| the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation. | |||
| 2017-04-10 | Merge pull request #2993 from stevepiercy/master | Michael Merickel | |
| add execution policy to pyramid request processing diagrams | |||
| 2017-04-10 | add execution policy to pyramid request processing diagrams | Steve Piercy | |
| 2017-04-10 | replace deprecated cgi.escape() with html.escape() | Jeremy Chen | |
| As suggested by https://docs.python.org/3.6/library/cgi.html cgi.escape() Deprecated since version 3.2: This function is unsafe because quote is false by default, and therefore deprecated. Use html.escape() instead. | |||
| 2017-04-08 | Merge pull request #2990 from stevepiercy/master | Steve Piercy | |
| grammar fix | |||
| 2017-04-08 | grammar fix | Steve Piercy | |
| 2017-04-02 | turn the Configurator into a context manager | Michael Merickel | |
| fixes #2872 | |||
| 2017-04-02 | Merge pull request #2989 from mmerickel/threadlocal-include | Michael Merickel | |
| push threadlocals while executing config.include functions | |||
| 2017-04-02 | add changelog for #2989 | Michael Merickel | |
| 2017-04-02 | push the threadlocal registry while config.include executes | Michael Merickel | |
| 2017-04-02 | add a failing test checking whether the threadlocal registry is active ↵ | Michael Merickel | |
| during config.include | |||
| 2017-03-29 | Merge pull request #2984 from mmerickel/pserve-open-url | Michael Merickel | |
| pserve open_url config setting | |||
| 2017-03-28 | changelog for #2984 | Michael Merickel | |
| 2017-03-28 | support opening the browser via pserve.open_url config setting | Michael Merickel | |
