| Age | Commit message (Collapse) | Author |
|---|
|
- Added `set_security_policy`` to more places in the docs.
- Ensure that the authn/authz policies are not used at all if the legacy
policy is not in effect to avoid edge cases where the code would skip
the security policy and use the authn/authz policy on accident.
- Change deprecation warnings in code to reference the docs by name
instead of by URL.
|
|
|
|
config.set_default_csrf_options
|
|
(cherry picked from commit c7b1bff)
|
|
|
|
|
|
|
|
with the same indentation as the rest of the code block)
|
|
``pyramid.config.Configurator` constructor and its ``setup_registry`` method
has been removed. The ``set_renderer_globals_factory`` method of
``pyramid.config.Configurator`` has also been removed. The (internal)
``pyramid.interfaces.IRendererGlobals`` interface was also removed. These
arguments, methods and interfaces had been deprecated since 1.1. Use a
``BeforeRender`` event subscriber as documented in the "Hooks" chapter of the
Pyramid narrative documentation instead of providing renderer globals values
to the configurator.
|
|
|
|
|
|
|
|
``config.add_view(someview, check_csrf=True)``. When the predicate is
checked, if the ``csrf_token`` value in ``request.params`` matches the csrf
token in the request's session, the view will be permitted to execute.
Otherwise, it will not be permitted to execute.
|
|
|
|
--------
- Add an ``introspection`` boolean to the Configurator constructor. If this
is ``True``, actions registered using the Configurator will be registered
with the introspector. If it is ``False``, they won't. The default is
``True``. Setting it to ``False`` during action processing will prevent
introspection for any following registration statements, and setting it to
``True`` will start them up again. This addition is to service a
requirement that the debug toolbar's own views and methods not show up in
the introspector.
Backwards Incompatibilities
---------------------------
- Remove ``pyramid.config.Configurator.with_context`` class method. It was
never an API, it is only used by ``pyramid_zcml`` and its functionality has
been moved to that package's latest release. This means that you'll need
to use the latest release of ``pyramid_zcml`` with this release of Pyramid.
- The ``introspector`` argument to the ``pyramid.config.Configurator``
constructor API has been removed. It has been replaced by the boolean
``introspection`` flag.
- The ``pyramid.registry.noop_introspector`` API object has been removed.
|
|
|
|
Hooks narrative documentation section entitled "Changing the Traverser" for
more information. This is not a new feature, it just provides an API for
adding a traverser without needing to use the ZCA API.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
registrations while doing so
|
|
|
