pyramid - Pyramid web framework (fork of https://github.com/Pylons/pyramid).

Age	Commit message (Collapse)	Author
2017-06-27	Update all external links per `make linkcheck`	Steve Piercy
	- Most are changing http to https, or readthedocs.org to readthedocs.io, and some for Python packaging reorganizing some docs into tutorials, as well as miscellaneous changes.
2017-04-26	Apply drafting changes to documentation.	Matthew Wilkes

2017-04-12	Fix tests and documentation in various places, and feedback following review	Jure Cerjak
	regarding naming of variables and code cleanup.
2017-04-12	Create a new ICSRF implementation for getting CSRF tokens, split out from ↵	Matthew Wilkes
	the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation.
2016-10-06	Add pyramid_nacl_session to session factories	Steve Piercy
	- closes #2791
2016-04-24	Allow Sphinx doctests to run and pass with `make doctest ↵	Steve Piercy
	SPHINXBUILD=$VENV/bin/sphinx-build`. - TODO: two tests in `docs/narr/hooks.rst`
2016-04-24	update bad link	Steve Piercy

2016-04-19	replace pyramid.require_default_csrf setting with ↵	Michael Merickel
	config.set_default_csrf_options
2016-04-16	In addition to CSRF token, verify the origin too	Donald Stufft
	Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15	Have Automatic CSRF on all unsafe HTTP methods	Donald Stufft
	Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15	Only Accept CSRF Tokens in headers or POST bodies	Donald Stufft
	Previously `check_csrf_token` would allow passing in a CSRF token in through a the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-10	cleanup some references in the docs	Michael Merickel

2016-04-10	deprecate the check_csrf predicate	Michael Merickel

2016-04-10	rewrite csrf checks to support a global setting to turn it on	Michael Merickel
	- only check csrf on POST - support "pyramid.require_default_csrf" setting - support "require_csrf=True" to fallback to the global setting to determine the token name
2015-10-16	minor grammar, rewrap 79 cols	Steve Piercy
	(cherry picked from commit a18960a)
2015-05-31	- update testing and templating remarks	Steve Piercy
	- grammar, punctuation, 79-column rewrapping, case corrections
2015-05-30	Added notes on check_csrf view predicate. Also it is an add_view parameter, ↵	Kiss György
	not add_route.
2015-01-07	Provide a ref to check_csrf_token	Pavlo Kapyshin

2015-01-07	Fix rendering	Pavlo Kapyshin

2014-02-10	- Update list of session packages	Steve Piercy
	- Update Quick Tour section on sessions - Closes PR #1150
2013-10-19	Merge branch 'master' into feature.signed-cookie-session	Michael Merickel

2013-10-19	update the docs	Michael Merickel

2013-10-17	fix documentation for csrf checking	Michael Merickel

2013-10-02	fix the docs build and get rid of stray references to Beaker	Chris McDonough

2013-10-02	Merge pull request #1138 from kpinc/doc_session	Chris McDonough
	Docs: sessions.rst: Explain example.
2013-10-02	Docs: sessions.rst: Sessions only work when the client cooperates.	Karl O. Pinc

2013-10-02	- Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer	Chris McDonough
	maintained. Point people at ``pyramid_redis_sessions`` instead.
2013-10-02	Docs: sessions.rst: Explain example.	Karl O. Pinc

2013-08-13	Merge remote-tracking branch 'origin/master' into docs.gettingstarted	Paul Everitt
	Conflicts: docs/index.rst docs/latexindex.rst setup.py
2013-08-12	All wrapped up, pre-merge.	Paul Everitt

2013-08-06	add redis session mention	Chris McDonough

2013-06-04	Add examples to narrative CSRF docs	Luke Cyca

2013-06-02	Edited narrative docs about CSRF	Luke Cyca

2013-03-23	no need to qualify Python interactive sessions	Tshepang Lekhonkhobe
	Sphinx automatically notices them as Python snippets and gives them syntax highlighting. These snippets are also too short to deserve linenos.
2013-01-29	pluralize	Tshepang Lekhonkhobe

2012-11-02	explain csrf token stealing potentiality	Chris McDonough

2012-06-19	point at pyramid_beaker docs rather than its github page	Chris McDonough

2011-07-20	add more index markers	Chris McDonough

2011-07-09	Old sentence was grammatically incorrect, literally meant that the URL or ↵	ejo
	button in question did not know it was redirecting the user. It is the user who does not know, so "unwittingly" is replaced with "secretly"; "surreptitiously" would be another accurate alternative. An alternative sentence construction that maintains the word "unwittingly" would be, e.g., "...might click on a URL or button on another website and be unwittingly redirected to your application to perform some command that requires elevated privileges."
2011-01-27	module name contractions	Chris McDonough

2011-01-08	redocument relationship between get_csrf_token and new_csrf_token	Chris McDonough

2011-01-06	remove comment, it's more or less answered	Casey Duncan

2011-01-06	clarify by promoting parenthetical, add comment requesting some advice	Casey Duncan

2011-01-06	clarify	Casey Duncan

2011-01-05	add parens to method references	Casey Duncan

2011-01-05	forgot an important session feature in summary	Casey Duncan

2011-01-05	add summary paragraph to tie things together better	Casey Duncan

2011-01-05	incorporate return type and queue semantics into same paragraph	Casey Duncan

2011-01-05	clarify behavior of allow_duplicate	Casey Duncan

2011-01-05	remove redundant sentence	Casey Duncan