| Age | Commit message | Author |
|
Add an additional layer of protection against CSRF by verifying the actual
origin of the request in addition to the CSRF token. We only do this check on
sites hosted behind HTTPS because only HTTPS sites have evidence to show that
the Referrer header is not being spuriously removed by random middleware
boxes.
|
Fixes #1388 or part thereof
|
This URL is a subclass of the built-in Python exception named
``UnicodeDecodeError``.
- When decoding a URL segment to Unicode fails, the exception raised
is now ``repoze.bfg.exceptions.URLDecodeError`` instead of
``UnicodeDecodeError``. This makes it possible to register an
exception view invoked specifically when ``repoze.bfg`` cannot
decode a URL.
|
solved the reissue_time authentication policy issue a different way).
|
``repoze.bfg.exceptions.NotFound``. The old location still
functions, but emits a deprecation warning.
- The import of ``repoze.bfg.security.Unauthorized`` is deprecated in
favor of ``repoze.bfg.exceptions.Forbidden``. The old location
still functions but emits a deprecation warning. The rename from
``Unauthorized`` to ``Forbidden`` brings parity to the name of
the exception and the system view it invokes when raised.
- New ``repoze.bfg.exceptions`` module was created to house exceptions
that were previously sprinkled through various modules.
- An ``exceptions`` API chapter was added, documenting the new
``repoze.bfg.exceptions`` module.
|