summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-04-15Only Accept CSRF Tokens in headers or POST bodiesDonald Stufft
Previously `check_csrf_token` would allow passing in a CSRF token in through a the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-15link to router chapterMichael Merickel
2016-04-15link to alchemy pull requestMichael Merickel
2016-04-15Merge pull request #2499 from stevepiercy/masterSteve Piercy
remove 2.6 and 3.2, minor cleanup
2016-04-15rewrap 79-colSteve Piercy
2016-04-15remove 2.6 and 3.2, minor cleanupSteve Piercy
2016-04-14Merge pull request #2498 from stevepiercy/masterSteve Piercy
editorial review and approval
2016-04-14Merge remote-tracking branch 'upstream/master'Steve Piercy
Conflicts: docs/whatsnew-1.7.rst
2016-04-14editorial review and approvalSteve Piercy
2016-04-15link to HTTPException classMichael Merickel
2016-04-15snapshot the 1.6 changes into historyMichael Merickel
2016-04-151.7, not 1.6Michael Merickel
2016-04-15link the whatsnew-1.7Michael Merickel
2016-04-15first cut at whatsnew-1.7Michael Merickel
2016-04-15curate the changelogMichael Merickel
2016-04-14Merge pull request #2496 from Pylons/update/hashalg_authtktMichael Merickel
Switch to sha512 in AuthTktAuthenticationPolicy
2016-04-14Remove TODO itemBert JW Regeer
2016-04-14Update documentationBert JW Regeer
2016-04-14Add CHANGES.txt entry, and re-organiseBert JW Regeer
2016-04-14Remove unused importBert JW Regeer
2016-04-14Switch to sha512 in AuthTktAuthenticationPolicyBert JW Regeer
2016-04-14Merge pull request #2494 from arianmaykon/fix-issue-2493Steve Piercy
Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS Paths
2016-04-14Merge pull request #2489 from Pylons/feature/json_exceptionsMichael Merickel
Feature: JSON exceptions
2016-04-14Merge branch 'master' into feature/json_exceptionsBert JW Regeer
2016-04-14Update CHANGESBert JW Regeer
2016-04-14add a note in the todo about python 3.3Michael Merickel
2016-04-14Merge pull request #2491 from stevepiercy/feature.py33.deprecateMichael Merickel
- Deprecated support for Python 3.3. See #2477
2016-04-14Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS Paths, also on Step 19 - ↵Arian Maykon de Araújo Diógenes
Database
2016-04-14We don't use default_match, so remove itBert JW Regeer
2016-04-14Update test to verify the default is text/htmlBert JW Regeer
2016-04-14Make text/html the preferred server returnBert JW Regeer
This matches the original code whereby it would return an HTML page if you sent an Accept header of */*.
2016-04-13update deprecation log entrySteve Piercy
2016-04-13Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS PathsArian Maykon de Araújo Diógenes
2016-04-13Merge pull request #2490 from stevepiercy/masterSteve Piercy
- update Pyramid Request Processing Diagram.
2016-04-13- nudge `BeforeTraversal`Steve Piercy
2016-04-13- Deprecated support for Python 3.3. See #2477Steve Piercy
2016-04-13- update Pyramid Request Processing Diagram.Steve Piercy
- Closes #2473. - See also #2413 and #2469.
2016-04-12For */* case, MIMEAccept picks first server offerBert JW Regeer
This means that to make "text/plain" the default, we need to specifically make it the first thing we offer. For anything else, since the server offers are all weighted equally, the client order should be accepted.
2016-04-12PEP8Bert JW Regeer
2016-04-12Merge pull request #2413 from mmerickel/feature/require-csrfBert JW Regeer
require_csrf to replace check_csrf
2016-04-12We don't need to explicitly set charset for text/*Bert JW Regeer
application/json however doesn't have a charset, so we just specify that as UTF-8 for the purpose of encoding the bytes.
2016-04-12Test that JSON responses are actually JSONBert JW Regeer
We also test out the custom formatter that allows the user to change how the JSON is formatted for the exception.
2016-04-12Add new tests to verify we get what we ask forBert JW Regeer
This simply makes sure we get back the appropriate Content-Type based upon our Accept header.
2016-04-12Update tests to verif Content-Type headerBert JW Regeer
2016-04-12Explicit set Accept header to text/htmlBert JW Regeer
The default is now text/plain, so explicitly set the accept header for what we want to accept.
2016-04-12Use MIMEAccept not AcceptBert JW Regeer
Accept doesn't understand the notation of major/minor masks.
2016-04-12Using WebOb's acceptparse find best mimetype to useBert JW Regeer
We default to text/plain.
2016-04-12Merge branch 'master' into feature/require-csrfMichael Merickel
2016-04-12Merge pull request #2469 from Pylons/feature/BeforeTraversalMichael Merickel
Feature: BeforeTraversal
2016-04-12Add CHANGES for BeforeTraversalBert JW Regeer
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-18 05:36:06 +0000