| Age | Commit message | Author | |
|---|---|---|---|
| 2018-08-19 | Standardize Unix capitalization | Steve Piercy | |
| 2018-08-18 | Clean up code-blocks in viewconfig | Steve Piercy | |
| 2016-11-19 | improve view decorator return type documentation | Michael Merickel | |
| Fixes #2770. | |||
| 2016-09-29 | Clean up docstrings/narr docs from PR #2660 | Steve Piercy | |
| - Closes #2768 | |||
| 2016-09-28 | derive exception views separately from normal views | Michael Merickel | |
| - previously the multiview was shared for both exception and hot-route, but now that we allow some exception-only views this needed to be separated - add ViewDeriverInfo.exception_only to detect exception views - do not prevent http_cache on exception views - optimize secured_view and csrf_view derivers to remove themselves from the view pipeline for exception views | |||
| 2016-04-16 | In addition to CSRF token, verify the origin too | Donald Stufft | |
| Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes. | |||
| 2016-04-15 | Have Automatic CSRF on all unsafe HTTP methods | Donald Stufft | |
| Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616. | |||
| 2016-04-15 | Only Accept CSRF Tokens in headers or POST bodies | Donald Stufft | |
| Previously `check_csrf_token` would allow passing in a CSRF token through the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world. | |||
| 2016-04-10 | cleanup some references in the docs | Michael Merickel | |
| 2015-10-19 | resolve whitespace diff between master and 1.6-branch | Steve Piercy | |
| 2015-10-12 | rewrap 79 cols | Steve Piercy | |
| 2015-10-12 | minor grammar, wrap 79 cols | Steve Piercy | |
| 2015-09-12 | Fix possessive form, from PR by @uralbash | Steve Piercy | |
| 2015-06-06 | More idiomatic code | Kiss György | |
| 2015-05-27 | add an example decorator showing a response being used unconditionally | Michael Merickel | |
| 2015-03-26 | fix out of date match_param docs | Michael Merickel | |
| 2014-05-01 | fix #1253 | Michael Merickel | |
| 2014-02-10 | - Garden PR #1121 | Steve Piercy | |
| 2014-01-19 | update narrative docs about iterable decorator argument | Michael Merickel | |
| 2013-10-27 | Security APIs on pyramid.request.Request | Matt Russell | |
| The pyramid.security Authorization API function has_permission is made available on the request. The pyramid.security Authentication API functions are now available as properties (unauthenticated_userid, authenticated_userid, effective_principals) and methods (remember_userid, forget_userid) on pyramid.request.Request. Backwards compatibility: For each of the APIs moved to request method or property, the original API in the pyramid.security module proxies to the request. Reworked tests to check module level b/c wrappers call through to mixins for each API. Tests that check no reg on request now do the right thing. Use a response callback to set the request headers for forget_userid and remember_userid. Update docs. Attempt to improve a documentation section referencing the pyramid.security.has_permission function in docs/narr/resources.rst Ensures backwards compatibility for `pyramid.security.forget` and `pyramid.security.remember`. | |||
| 2013-09-22 | try to clarify the docs to avoid "if '__main__'" confusion | Michael Merickel | |
| 2013-09-22 | typo | Michael Merickel | |
| 2013-09-02 | move docs section to a more appropriate place | Chris McDonough | |
| 2013-08-13 | Merge remote-tracking branch 'origin/master' into docs.gettingstarted | Paul Everitt | |
| Conflicts: docs/index.rst docs/latexindex.rst setup.py | |||
| 2013-08-12 | All wrapped up, pre-merge. | Paul Everitt | |
| 2013-08-09 | "repetion" to "repetition" | tisdall | |
| 2013-07-27 | Move .. versionadded:: 1.2 to end of ``match_param`` definition so that when | Steve Piercy | |
| building PDF it does not pause and wait for user to hit RETURN. This is now consistent with other placements of this directive as well. | |||
| 2013-07-24 | indicate version in which not_ was added | Chris McDonough | |
| 2013-07-24 | add not_ predicate feature | Chris McDonough | |
| 2013-04-05 | fix some cross-references | Tshepang Lekhonkhobe | |
| 2013-04-01 | Fix reST markup and spelling of "hand" | Catalin Iacob | |
| 2013-03-22 | remove unused ignore-next-block directive | Tshepang Lekhonkhobe | |
| 2013-03-21 | Resolve conflict. | Tres Seaver | |
| 2013-03-12 | Merge pull request #874 from tshepang/paragraph | Michael Merickel | |
| improve paragraph | |||
| 2013-03-12 | Merge pull request #871 from tshepang/repetition | Michael Merickel | |
| remove info that was given in the preceding paragraph | |||
| 2013-03-12 | Merge pull request #896 from tshepang/consistency | Michael Merickel | |
| consistency fixes | |||
| 2013-03-12 | Merge pull request #890 from tshepang/misc | Michael Merickel | |
| miscellaneous doc improvements | |||
| 2013-03-09 | consistency | Tshepang Lekhonkhobe | |
| 2013-03-08 | 2.5 no longer supported | Tshepang Lekhonkhobe | |
| 2013-03-06 | capitalize | Tshepang Lekhonkhobe | |
| 2013-03-05 | grammar fixes | Tshepang Lekhonkhobe | |
| 2013-02-26 | improve paragraph | Tshepang Lekhonkhobe | |
| 2013-02-26 | grammar | Tshepang Lekhonkhobe | |
| 2013-02-25 | grammar | Tshepang Lekhonkhobe | |
| 2013-02-23 | this info was given in the preceding paragraph | Tshepang Lekhonkhobe | |
| 2013-01-30 | use the more appropriate directives | Tshepang Lekhonkhobe | |
| 2013-01-06 | fix import typo in docs | Reed O'Brien | |
| 2013-01-01 | typo | Tshepang Lekhonkhobe | |
| 2012-10-28 | - Added an ``effective_principals`` route and view predicate. | Chris McDonough | |
| 2012-10-26 | - New ``physical_path`` view predicate. If specified, this value should be a | Chris McDonough | |
| string or a tuple representing the physical traversal path of the context found via traversal for this predicate to match as true. For example: ``physical_path='/'`` or ``physical_path='/a/b/c'`` or ``physical_path=('', 'a', 'b', 'c')``. This is not a path prefix match or a regex, it's a whole-path match. It's useful when you want to always potentially show a view when some object is traversed to, but you can't be sure about what kind of object it will be, so you can't use the ``context`` predicate. The individual path elements in between slash characters or in tuple elements should be the Unicode representation of the name of the resource and should not be encoded in any way. | |||
