summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2016-04-16add docs and backward incompatibility notices for #2501Michael Merickel
2016-04-16In addition to CSRF token, verify the origin tooDonald Stufft
Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15Update CHANGES/whatsnew-1.7 for updated require_csrfBert JW Regeer
2016-04-15Have Automatic CSRF on all unsafe HTTP methodsDonald Stufft
Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15Only Accept CSRF Tokens in headers or POST bodiesDonald Stufft
Previously `check_csrf_token` would allow passing in a CSRF token in through a the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-15link to router chapterMichael Merickel
2016-04-15link to alchemy pull requestMichael Merickel
2016-04-14Merge remote-tracking branch 'upstream/master'Steve Piercy
Conflicts: docs/whatsnew-1.7.rst
2016-04-14editorial review and approvalSteve Piercy
2016-04-15link to HTTPException classMichael Merickel
2016-04-151.7, not 1.6Michael Merickel
2016-04-15link the whatsnew-1.7Michael Merickel
2016-04-15first cut at whatsnew-1.7Michael Merickel
2016-04-14Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS Paths, also on Step 19 - ↵Arian Maykon de Araújo Diógenes
Database
2016-04-13Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS PathsArian Maykon de Araújo Diógenes
2016-04-13- nudge `BeforeTraversal`Steve Piercy
2016-04-13- update Pyramid Request Processing Diagram.Steve Piercy
- Closes #2473. - See also #2413 and #2469.
2016-04-12Merge branch 'master' into feature/require-csrfMichael Merickel
2016-04-12Merge branch 'master' into feature/BeforeTraversalBert JW Regeer
2016-04-12Remove note about -Wd flagBert JW Regeer
Since we no longer support Python 2.6, it becomes a requirement for all our supported Python versions, and thus the note is no longer required.
2016-04-12Update introduction to testingBert JW Regeer
It mentions that we use Jenkins, but our Travis is more open, and used for all commits, so add a reference to Travis as well. Also, remove Python 2.6 reference here.
2016-04-12Replace Python 2.6 with 2.7Bert JW Regeer
2016-04-12- zap easy_install stragglerSteve Piercy
2016-04-12- add mention of Windows and Python 3.3+ for virtual environmentsSteve Piercy
2016-04-12one does not simply "create a virtualenv". one should "create a virtual ↵Steve Piercy
environment". - Fixes #2483
2016-04-12one does not simply "create a virtualenv". one should "create a virtual ↵Steve Piercy
environment"
2016-04-12update testing.rstSteve Piercy
- replace nose with py.test - use pip - use literalinclude of MyProject/setup.py instead of copy-pasta
2016-04-12- use an environment variable and venv. See ↵Steve Piercy
https://github.com/Pylons/pyramid/pull/2468#discussion_r59311019 - rename stanza from `testing_extras` to `tests_require` - switch from nose to pytest
2016-04-12- replace `python -m` with `python3 -m`Steve Piercy
2016-04-12- replace `pyvenv` with `python3 -m venv`Steve Piercy
2016-04-12- removed "now" per ↵Steve Piercy
https://github.com/Pylons/pyramid/pull/2468#discussion_r59310317
2016-04-12- fix readme in quick_tour/sqla_demoSteve Piercy
2016-04-12- fix readme in narr/MyProject (used in project.rst and testing.rst)Steve Piercy
2016-04-11fix extras_requires to extras_requireMichael Merickel
2016-04-11Merge branch 'master' into docs/easy-install-to-pip.2104Michael Merickel
2016-04-11remove theme.min.css, it serves no purposeMichael Merickel
2016-04-11fix readme to show directions in both alchemy and zodbMichael Merickel
2016-04-11- upgrade `BeforeTraversal` event in router.rstSteve Piercy
2016-04-11- upgrade setuptools, too, in the two wikisSteve Piercy
2016-04-11- add trailing line endingSteve Piercy
2016-04-11- update narr/project.rst to use pip instead of setup.pySteve Piercy
- update starter scaffold tests and setup.py (used in `narr/project.rst` and `narr/testing.rst`) - update links to documentation
2016-04-11tweak wiki2 test to be more succinctSteve Piercy
2016-04-10Update router documentationBert JW Regeer
2016-04-10Add API docs for BeforeTraversalBert JW Regeer
2016-04-10cleanup some references in the docsMichael Merickel
2016-04-10deprecate the check_csrf predicateMichael Merickel
2016-04-10rewrite csrf checks to support a global setting to turn it onMichael Merickel
- only check csrf on POST - support "pyramid.require_default_csrf" setting - support "require_csrf=True" to fallback to the global setting to determine the token name
2016-04-10add a csrf_view to the view pipeline supporting a require_csrf optionMichael Merickel
2016-04-10- update installation.rst to use pip, pyvenv, Python 3.4Steve Piercy
- simplify installation.rst by removing not-Pyramid things (installing Python and requirements for installing packages) while providing official external references - update cross-reference in quick_tutorial requirements.rst - add glossary entry for pyvenv
2016-04-10Merge pull request #2021 from Pylons/feature/configurable-view-deriverMichael Merickel
configurable view deriver
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-01 17:53:22 +0000