path: root/docs/api
Age | Commit message | Author
2019-10-17 | add ISecurityPolicy to the public interface api | Michael Merickel
2019-10-02 | define an IPredicateInfo instead of passing the full configurator to predicates | Michael Merickel
2019-09-30 | Merge pull request #3465 from luhn/security-policy | Michael Merickel
    Security policy implementation
2019-07-13 | Improve authn/authz API docs. | Theron Luhn
2019-06-23 | Deprecation notices. | Theron Luhn
2019-06-23 | Make sure Configurator.set_security_policy is in docs. | Theron Luhn
2019-05-26 | API docs. | Theron Luhn
2019-04-01 | Fix docs build. | Theron Luhn
2019-01-05 | stop overriding request.json_body from webob | Michael Merickel
2018-11-26 | Merge pull request #3421 from mmerickel/drop-py2 | Michael Merickel
    remove py2 from the codebase
2018-11-21 | Keep the localizer property from showing up twice in the docs | Karl O. Pinc
2018-11-18 | Remove `docs/api/compat.rst`. The remaining items were moved into `pyramid.util`, but we don't want to document anything in that module. | Steve Piercy
2018-11-17 | Remove long type (should have been removed with other type aliases) | Steve Piercy
2018-11-17 | Remove native_, rename ascii_native_ to ascii_ | Steve Piercy
2018-11-17 | Remove urllib.parse shims | Steve Piercy
2018-11-17 | Remove is_nonstr_iter | Steve Piercy
2018-11-17 | Remove reraise | Steve Piercy
2018-11-17 | Remove SimpleCookie and escape shims | Steve Piercy
2018-11-17 | Remove iter*, configparser, input_, map_ | Steve Piercy
2018-11-17 | Remove pickle and exec aliases | Steve Piercy
2018-11-17 | Remove *_types per b1a257bacc1c4ac2c1401ed02c51d9c6c03685d2 | Steve Piercy
    - Remove Python 2 items, and remove explicit mention of Python 3.
2018-11-03 | change to use JSONSerializer for SignedCookieSessionFactory | Michael Merickel
2018-11-01 | remove deprecated security functions | Michael Merickel
2018-10-31 | remove docs/api/scaffolds.rst | Michael Merickel
2018-10-15 | add route_prefix_context to api docs | Michael Merickel
2018-10-15 | fix whatsnew syntax | Michael Merickel
2018-10-03 | remove deprecated set_request_property | Michael Merickel
2018-09-16 | deprecate signed_serialize and signed_deserialize | Michael Merickel
2018-09-16 | deprecate pickleable sessions, recommend json | Michael Merickel
2018-08-18 | Clean up code-blocks in request | Steve Piercy
2018-06-11 | Add httpexception for status code 308 | Jason Williams
2017-06-18 | Merge branch 'master' into pr/3034 | Michael Merickel
2017-06-18 | configure resource_url to use the same logic | Michael Merickel
2017-06-14 | fix p.security.ACLPermitsResult to subclass p.security.PermitsResult | Michael Merickel
    The ``IAuthorizationPolicy`` is expected to return an instance of ``PermitsResult`` and the ``ACLPermitsResult`` now subclasses this to form a consistent class hierarchy. Similarly the ``ACLDenied`` subclasses ``Denied`` and ``ACLAllowed`` subclasses ``Allowed`` for consistency.
2017-04-30 | Merge pull request #2985 from mmerickel/plaster | Michael Merickel
    migrate pyramid to use plaster
2017-04-29 | final cleanup of csrf decoupling in #2854 | Michael Merickel
    - Renamed `SessionCSRFStoragePolicy` to `LegacySessionCSRFStoragePolicy` for the version that uses the legacy `ISession.get_csrf_token` and `ISession.new_csrf_token` apis and set that as the default.
    - Added new `SessionCSRFStoragePolicy` that stores data in the session similar to how the `SessionAuthenticationPolicy` works.
    - `CookieCSRFStoragePolicy` did not properly return the newly generated token from `get_csrf_token` after calling `new_csrf_token`. It needed to cache the new value since the response callback does not affect the current request.
    - `CookieCSRFStoragePolicy` was not forwarding the `domain` value to the `CookieProfile` causing that setting to be ignored.
    - Removed `check_csrf_token` from the `ICSRFStoragePolicy` interface to simplify implementations of storage policies.
    - Added an introspectable item for the configured storage policy so that it appears on the debugtoolbar.
    - Added a change note on `ISession` that it no longer required the csrf methods.
    - Leave deprecated shims in ``pyramid.session`` for ``check_csrf_origin`` and ``check_csrf_token``.
2017-04-12 | Use the webob CookieProfile in the Cookie implementation, rename some implementations based on feedback, split CSRF implementation and option configuration and make the csrf token function exposed as a system default rather than a renderer event. | Matthew Wilkes
2017-04-12 | Rename implementation to ICSRFStoragePolicy | Matthew Wilkes
2017-04-12 | Fix tests and documentation in various places, and feedback following review | Jure Cerjak
    regarding naming of variables and code cleanup.
2017-04-12 | Create a new ICSRF implementation for getting CSRF tokens, split out from the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation. | Matthew Wilkes
2017-03-29 | rewrite low-level pyramid config functions to use plaster | Michael Merickel
2017-02-25 | add an IExecutionPolicy that can wrap the router | Michael Merickel
2016-12-24 | expose the new exception view apis | Michael Merickel
2016-11-24 | comment out autodoc of TranslationString to get docs to build on Travis-CI | Steve Piercy
    https://travis-ci.org/Pylons/pyramid/jobs/178536008#L406
2016-08-31 | rename the credentials class | Michael Merickel
2016-08-10 | Add docs & explicit tests | Dariusz Górecki
2016-05-15 | fix headings and suffices | Steve Piercy
2016-05-10 | expose the IRequestFactory interface | Michael Merickel
2016-04-19 | replace pyramid.require_default_csrf setting with config.set_default_csrf_options | Michael Merickel
2016-04-16 | In addition to CSRF token, verify the origin too | Donald Stufft
    Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.