summaryrefslogtreecommitdiff
path: root/docs/narr
AgeCommit message (Collapse)Author
2016-04-24add sphinx doctests for hooks.rstSteve Piercy
2016-04-24Allow Sphinx doctests to run and pass with `make doctest ↵Steve Piercy
SPHINXBUILD=$VENV/bin/sphinx-build`. - TODO: two tests in `docs/narr/hooks.rst`
2016-04-24update bad linkSteve Piercy
2016-04-23Fix all the stinky linkie rot via `make linkcheck ↵Steve Piercy
SPHINXBUILD=$VENV/bin/sphinx-build`, but don't bother with HISTORY.txt or whatsnew-xx
2016-04-19replace pyramid.require_default_csrf setting with ↵Michael Merickel
config.set_default_csrf_options
2016-04-17better explain view deriver optionsChris McDonough
2016-04-16Merge pull request #2507 from stevepiercy/masterSteve Piercy
replace ps1con with doscon for lexer and syntax highlighting
2016-04-16In addition to CSRF token, verify the origin tooDonald Stufft
Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15Have Automatic CSRF on all unsafe HTTP methodsDonald Stufft
Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15Only Accept CSRF Tokens in headers or POST bodiesDonald Stufft
Previously `check_csrf_token` would allow passing in a CSRF token in through a the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-12Merge branch 'master' into feature/require-csrfMichael Merickel
2016-04-12Merge branch 'master' into feature/BeforeTraversalBert JW Regeer
2016-04-12Remove note about -Wd flagBert JW Regeer
Since we no longer support Python 2.6, it becomes a requirement for all our supported Python versions, and thus the note is no longer required.
2016-04-12Update introduction to testingBert JW Regeer
It mentions that we use Jenkins, but our Travis is more open, and used for all commits, so add a reference to Travis as well. Also, remove Python 2.6 reference here.
2016-04-12Replace Python 2.6 with 2.7Bert JW Regeer
2016-04-12- zap easy_install stragglerSteve Piercy
2016-04-12one does not simply "create a virtualenv". one should "create a virtual ↵Steve Piercy
environment". - Fixes #2483
2016-04-12update testing.rstSteve Piercy
- replace nose with py.test - use pip - use literalinclude of MyProject/setup.py instead of copy-pasta
2016-04-12- use an environment variable and venv. See ↵Steve Piercy
https://github.com/Pylons/pyramid/pull/2468#discussion_r59311019 - rename stanza from `testing_extras` to `tests_require` - switch from nose to pytest
2016-04-12- replace `python -m` with `python3 -m`Steve Piercy
2016-04-12- replace `pyvenv` with `python3 -m venv`Steve Piercy
2016-04-12- removed "now" per ↵Steve Piercy
https://github.com/Pylons/pyramid/pull/2468#discussion_r59310317
2016-04-12- fix readme in narr/MyProject (used in project.rst and testing.rst)Steve Piercy
2016-04-11Merge branch 'master' into docs/easy-install-to-pip.2104Michael Merickel
2016-04-11remove theme.min.css, it serves no purposeMichael Merickel
2016-04-11- upgrade `BeforeTraversal` event in router.rstSteve Piercy
2016-04-11- add trailing line endingSteve Piercy
2016-04-11- update narr/project.rst to use pip instead of setup.pySteve Piercy
- update starter scaffold tests and setup.py (used in `narr/project.rst` and `narr/testing.rst`) - update links to documentation
2016-04-10Update router documentationBert JW Regeer
2016-04-10cleanup some references in the docsMichael Merickel
2016-04-10deprecate the check_csrf predicateMichael Merickel
2016-04-10rewrite csrf checks to support a global setting to turn it onMichael Merickel
- only check csrf on POST - support "pyramid.require_default_csrf" setting - support "require_csrf=True" to fallback to the global setting to determine the token name
2016-04-10add a csrf_view to the view pipeline supporting a require_csrf optionMichael Merickel
2016-04-10- update installation.rst to use pip, pyvenv, Python 3.4Steve Piercy
- simplify installation.rst by removing not-Pyramid things (installing Python and requirements for installing packages) while providing official external references - update cross-reference in quick_tutorial requirements.rst - add glossary entry for pyvenv
2016-04-10Merge pull request #2021 from Pylons/feature/configurable-view-deriverMichael Merickel
configurable view deriver
2016-04-10- update extending.rst to use pipSteve Piercy
2016-04-10- update commandline.rst to use pipSteve Piercy
2016-04-08Add pyramid_jinja2 example to i18n docs. Fixes #2437.Steve Piercy
2016-04-08update constraints for derivers as well as docsMichael Merickel
2016-04-07separate the viewderiver module and allow overriding the mapperMichael Merickel
2016-04-03- replace easy_install with pipSteve Piercy
- bump Python version to 3.5 or generalize to Python 3 - rewrite seealso's - use ps1con lexer for windows powershell console - add hyperlink targets
2016-03-21polish view derivers docs, minor grammarSteve Piercy
2016-03-17fix deriver docs to explain ordering issuesMichael Merickel
2016-03-14add a docstring for add_view_deriver and expose the method to the api docsMichael Merickel
2016-03-14do not guess at the name of the view deriver without further discussionMichael Merickel
2016-03-14use the implicit name in the doc examplesMichael Merickel
2016-03-14first cut at documenting view deriversMichael Merickel
2016-03-14polish Invoking an Exception View docsSteve Piercy
- add index entry - minor grammar, syntax
2016-03-14move comment closer to relevant logicMichael Merickel
2016-03-14fix broken refMichael Merickel
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-23 21:41:15 +0000