| Age | Commit message | Author | |
|---|---|---|---|
| 2018-11-03 | change to use JSONSerializer for SignedCookieSessionFactory | Michael Merickel | |
| 2018-09-16 | deprecate signed_serialize and signed_deserialize | Michael Merickel | |
| 2018-09-16 | deprecate pickleable sessions, recommend json | Michael Merickel | |
| 2017-04-12 | Create a new ICSRF implementation for getting CSRF tokens, split out from the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation. | Matthew Wilkes | |
| 2016-04-16 | In addition to CSRF token, verify the origin too<br>Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes. | Donald Stufft | |
| 2015-11-23 | expose the PickleSerializer | Michael Merickel | |
| 2013-10-19 | update the docs | Michael Merickel | |
| 2012-09-19 | add check_csrf convenience function | Chris McDonough | |
| 2010-11-02 | Insecure -> Unencrypted | Chris McDonough | |
| 2010-10-29 | - New API methods in ``pyramid.session``: ``signed_serialize`` and ``signed_deserialize``. | Chris McDonough | |
| 2010-10-28 | sessioning docs | Chris McDonough | |
