| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-06-14 | fix p.security.ACLPermitsResult to subclass p.security.PermitsResult | Michael Merickel | |
| The ``IAuthorizationPolicy`` is expected to return an instance of ``PermitsResult`` and the ``ACLPermitsResult`` now subclasses this to form a consistent class hierarchy. Similarly the ``ACLDenied`` subclasses ``Denied`` and ``ACLAllowed`` subclasses ``Allowed`` for consistency. | |||
| 2017-04-30 | Merge pull request #2985 from mmerickel/plaster | Michael Merickel | |
| migrate pyramid to use plaster | |||
| 2017-04-29 | final cleanup of csrf decoupling in #2854 | Michael Merickel | |
| - Renamed `SessionCSRFStoragePolicy` to `LegacySessionCSRFStoragePolicy` for the version that uses the legacy `ISession.get_csrf_token` and `ISession.new_csrf_token` apis and set that as the default. - Added new `SessionCSRFStoragePolicy` that stores data in the session similar to how the `SessionAuthenticationPolicy` works. - `CookieCSRFStoragePolicy` did not properly return the newly generated token from `get_csrf_token` after calling `new_csrf_token`. It needed to cache the new value since the response callback does not affect the current request. - `CookieCSRFStoragePolicy` was not forwarding the `domain` value to the `CookieProfile` causing that setting to be ignored. - Removed `check_csrf_token` from the `ICSRFStoragePolicy` interface to simplify implementations of storage policies. - Added an introspectable item for the configured storage policy so that it appears on the debugtoolbar. - Added a change note on `ISession` that it no longer required the csrf methods. - Leave deprecated shims in ``pyramid.session`` for ``check_csrf_origin`` and ``check_csrf_token``. | |||
| 2017-04-12 | Use the webob CookieProfile in the Cookie implementation, rename some ↵ | Matthew Wilkes | |
| implemenations based on feedback, split CSRF implementation and option configuration and make the csrf token function exposed as a system default rather than a renderer event. | |||
| 2017-04-12 | Rename implementation to ICSRFStoragePolicy | Matthew Wilkes | |
| 2017-04-12 | Fix tests and documentation in various places, and feedback following review | Jure Cerjak | |
| regarding naming of variables and code cleanup. | |||
| 2017-04-12 | Create a new ICSRF implementation for getting CSRF tokens, split out from ↵ | Matthew Wilkes | |
| the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation. | |||
| 2017-03-29 | rewrite low-level pyramid config functions to use plaster | Michael Merickel | |
| 2017-02-25 | add an IExecutionPolicy that can wrap the router | Michael Merickel | |
| 2016-12-24 | expose the new exception view apis | Michael Merickel | |
| 2016-11-24 | comment out autodoc of TranslationString to get docs to build on Travis-CI | Steve Piercy | |
| https://travis-ci.org/Pylons/pyramid/jobs/178536008#L406 | |||
| 2016-08-31 | rename the credentials class | Michael Merickel | |
| 2016-08-10 | Add docs & explict tests | Dariusz Górecki | |
| 2016-05-15 | fix headings and suffices | Steve Piercy | |
| 2016-05-10 | expose the IRequestFactory interface | Michael Merickel | |
| 2016-04-19 | replace pyramid.require_default_csrf setting with ↵ | Michael Merickel | |
| config.set_default_csrf_options | |||
| 2016-04-16 | In addition to CSRF token, verify the origin too | Donald Stufft | |
| Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes. | |||
| 2016-04-10 | Add API docs for BeforeTraversal | Bert JW Regeer | |
| 2016-04-10 | Merge pull request #2021 from Pylons/feature/configurable-view-deriver | Michael Merickel | |
| configurable view deriver | |||
| 2016-04-08 | update constraints for derivers as well as docs | Michael Merickel | |
| 2016-04-07 | separate the viewderiver module and allow overriding the mapper | Michael Merickel | |
| 2016-04-06 | Pass vars to logging.config.fileConfig | Marc Abramowitz | |
| This allows one to set up a logging configuration that is parameterized based on variables specified on the command-line. e.g.: the application .ini file could have: ```ini [logger_root] level = %(LOGGING_LOGGER_ROOT_LEVEL)s handlers = console [handler_console] class = StreamHandler args = (sys.stderr,) level = %(LOGGING_HANDLER_CONSOLE_LEVEL)s formatter = generic ``` This app could be launched with: ``` pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG LOGGING_HANDLER_CONSOLE_LEVEL=DEBUG ``` | |||
| 2016-03-14 | add a docstring for add_view_deriver and expose the method to the api docs | Michael Merickel | |
| 2016-03-09 | add options support to view derivers | Michael Merickel | |
| exposed a new IViewDeriver api with an optional ``options`` list to expose support for new kwargs that may be passed to config.add_view | |||
| 2016-03-03 | link invoke_exception_view to api docs | Michael Merickel | |
| 2015-11-23 | expose the PickleSerializer | Michael Merickel | |
| 2015-11-12 | update cache buster prose and add ManifestCacheBuster | Michael Merickel | |
| redux of #2013 | |||
| 2015-11-12 | Revert "fix/remove-default-cachebusters" | Michael Merickel | |
| This reverts commit 7410250313f893e5952bb2697324a4d4e3d47d22. This reverts commit cbec33b898efffbfa6acaf91cae45ec0daed4d7a. This reverts commit 345ca3052c395545b90fef9104a16eed5ab051a5, reversing changes made to 47162533af84bb8d26db6d1c9ba1e63d70e9070f. | |||
| 2015-11-12 | complete cache buster docs using manifest example | Michael Merickel | |
| 2015-10-21 | first cut at removing default cache busters | Michael Merickel | |
| 2015-05-28 | fix duplicate name resource_path | uralbash | |
| 2015-02-17 | expose public config phases in pyramid.config | Michael Merickel | |
| 2015-02-17 | remove the token from the ICacheBuster api | Michael Merickel | |
| This exposes the QueryStringCacheBuster and PathSegmentCacheBuster public APIs alongside the md5-variants. These should be more cleanly subclassed by people wishing to extend their implementations. | |||
| 2015-02-16 | add InstancePropertyHelper and apply_request_extensions | Michael Merickel | |
| 2015-02-07 | move the IResponseFactory into the public api | Michael Merickel | |
| 2014-12-23 | - add an index to the API directory for better SEO | Steve Piercy | |
| 2014-11-25 | Documentation added | Hugo Branquinho | |
| 2014-11-17 | Merge branch 'master' into feature.security-docs-enhancements | Michael Merickel | |
| 2014-11-10 | Merge pull request #1445 from bertjwregeer/fix.exceptions | Steve Piercy | |
| Change autoclass to autoexception | |||
| 2014-11-10 | Change autoclass to autoexception | Bert JW Regeer | |
| Fixes #1388 or part thereof | |||
| 2014-11-10 | update the public api for remember | Michael Merickel | |
| 2014-08-13 | some tweaks to the usage of userid in the docs | Michael Merickel | |
| 2014-08-12 | Docs: Make "userid" link to the glossary term. | Karl O. Pinc | |
| 2014-08-12 | Docs: Make clear that a userid need not be a principal. | Karl O. Pinc | |
| 2014-07-28 | Mo' features, mo' problems. | Chris Rossi | |
| 2014-07-18 | Take mcdonc's advice. This should be easier for users to understand. | Chris Rossi | |
| 2014-07-17 | Write the documentation. | Chris Rossi | |
| 2014-04-18 | Corrected the comment's language | thapar | |
| 2014-04-18 | Typo fix "not"-->"no" | thapar | |
| 2014-04-17 | More explicit example of set_property | flibustenet | |
| cleanup callback has a "request" parameter (and not "_") cleanup callback know (since 1.5) if an exception occurred or not (to commit or rollback) (same as #1302 on 1.5) | |||
 |
index : pyramid | |
| Pyramid web framework (fork of https://github.com/Pylons/pyramid). | Daniel |
| summaryrefslogtreecommitdiff |