summaryrefslogtreecommitdiff
path: root/docs/narr/viewconfig.rst
AgeCommit message (Collapse)Author
2020-07-02improve docÉric Araujo
Co-Authored-By: Steve Piercy
2020-07-02add tests and docsÉric Araujo
2020-06-22first shot for #1602Éric Araujo
2020-05-07better wordingÉric Araujo
2020-05-04support multiple values for header predicateÉric Araujo
2020-01-17Merge pull request #3563 from mmerickel/move-acl-security-to-authorizationMichael Merickel
Move acl security to authorization
2020-01-12move doc references from pyramid.security to pyramid.authorizationMichael Merickel
2020-01-11replace "third-party" with "custom"Éric Araujo
2020-01-08first batch of fixes from code reviewÉric Araujo
Co-Authored-By: Steve Piercy <web@stevepiercy.com>
2020-01-07rewrite docs for custom predicatesÉric Araujo
2019-10-17remove check_csrf view predicateMichael Merickel
2019-07-27Fix typosMin ho Kim
2018-11-02remove deprecated media range support from add_view and add_routeMichael Merickel
2018-10-10improve the language around unspecified match orderingMichael Merickel
2018-10-10sentence-per-lineMichael Merickel
2018-10-10fix up the docsMichael Merickel
2018-10-10deprecate range supportMichael Merickel
2018-10-02fix lintsMichael Merickel
2018-09-27fix docsMichael Merickel
2018-09-27enable sorting of offersMichael Merickel
2018-09-03update docs and changelogMichael Merickel
2018-08-28fix deprecated usage of request.accept in AcceptPredicateMichael Merickel
2018-08-19Standardize Unix capitalizationSteve Piercy
2018-08-18Clean up code-blocks in viewconfigSteve Piercy
2016-11-19improve view decorator return type documentationMichael Merickel
Fixes #2770.
2016-09-29Clean up docstrings/narr docs from PR #2660Steve Piercy
- Closes #2768
2016-09-28derive exception views separately from normal viewsMichael Merickel
- previously the multiview was shared for both exception and hot-route, but now that we allow some exception-only views this needed to be separated - add ViewDeriverInfo.exception_only to detect exception views - do not prevent http_cache on exception views - optimize secured_view and csrf_view derivers to remove themselves from the view pipeline for exception views
2016-04-16In addition to CSRF token, verify the origin tooDonald Stufft
Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15Have Automatic CSRF on all unsafe HTTP methodsDonald Stufft
Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15Only Accept CSRF Tokens in headers or POST bodiesDonald Stufft
Previously `check_csrf_token` would allow passing in a CSRF token in through a the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-10cleanup some references in the docsMichael Merickel
2015-10-19resolve whitespace diff between master and 1.6-branchSteve Piercy
2015-10-12rewrap 79 colsSteve Piercy
2015-10-12minor grammar, wrap 79 colsSteve Piercy
2015-09-12Fix possessive form, from PR by @uralbashSteve Piercy
2015-06-06More idiomatic codeKiss György
2015-05-27add an example decorator showing a response being used unconditionallyMichael Merickel
2015-03-26fix out of date match_param docsMichael Merickel
2014-05-01fix #1253Michael Merickel
2014-02-10- Garden PR #1121Steve Piercy
2014-01-19update narrative docs about iterable decorator argumentMichael Merickel
2013-10-27Security APIs on pyramid.request.RequestMatt Russell
The pyramid.security Authorization API function has_permission is made available on the request. The pyramid.security Authentication API functions are now available as properties (unauthenticated_userid, authenticated_userid, effective_principals) and methods (remember_userid, forget_userid) on pyramid.request.Request. Backwards compatibility: For each of the APIs moved to request method or property, the original API in the pyramid.security module proxies to the request. Reworked tests to check module level b/c wrappers call through to mixins for each API. Tests that check no reg on request now do the right thing. Use a response callback to set the request headers for forget_userid and remember_userid. Update docs. Attempt to improve a documentation section referencing the pyramid.security.has_permission function in docs/narr/resources.rst Ensures backwards compatiblity for `pyramid.security.forget` and `pyramid.security.remember`.
2013-09-22try to clarify the docs to avoid "if '__main__'" confusionMichael Merickel
2013-09-22typoMichael Merickel
2013-09-02move docs section to a more appropriate placeChris McDonough
2013-08-13Merge remote-tracking branch 'origin/master' into docs.gettingstartedPaul Everitt
Conflicts: docs/index.rst docs/latexindex.rst setup.py
2013-08-12All wrapped up, pre-merge.Paul Everitt
2013-08-09"repetion" to "repetition"tisdall
2013-07-27Move .. versionadded:: 1.2 to end of ``match_param`` definition so that when ↵Steve Piercy
building PDF it does not pause and wait for user to hit RETURN. This is now consistent with other placements of this directive as well.
2013-07-24indicate version in which not_ was addedChris McDonough
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 11:37:43 +0000