summaryrefslogtreecommitdiff
path: root/docs
AgeCommit message (Collapse)Author
2016-04-27fix bugs in design defense code examplesMichael Merickel
fixes #2287
2016-04-25fix explanation of require_csrfMichael Merickel
2016-04-24add sphinx doctests for hooks.rstSteve Piercy
2016-04-24Allow Sphinx doctests to run and pass with `make doctest ↵Steve Piercy
SPHINXBUILD=$VENV/bin/sphinx-build`. - TODO: two tests in `docs/narr/hooks.rst`
2016-04-24update bad linkSteve Piercy
2016-04-24Use parsed-literal for installing versions of Pyramid. This should future ↵Steve Piercy
proof docs.
2016-04-23Fix all the stinky linkie rot via `make linkcheck ↵Steve Piercy
SPHINXBUILD=$VENV/bin/sphinx-build`, but don't bother with HISTORY.txt or whatsnew-xx
2016-04-19replace pyramid.require_default_csrf setting with ↵Michael Merickel
config.set_default_csrf_options
2016-04-17update RELEASING.txt to better account for master and previous branchesSteve Piercy
- add term "final" release - explicitify the implicit -
2016-04-17better explain view deriver optionsChris McDonough
2016-04-16update RELEASING.txt with version terms, extra stepSteve Piercy
update conf.py with clearer comments and prep for rolldown for 1.6
2016-04-16Merge pull request #2506 from stevepiercy/masterSteve Piercy
replace nose with pytest, clean up
2016-04-16Merge pull request #2507 from stevepiercy/masterSteve Piercy
replace ps1con with doscon for lexer and syntax highlighting
2016-04-16Merge pull request #2505 from stevepiercy/docs/quick-tour-gotcher-noseSteve Piercy
Docs/quick tour gotcher nose
2016-04-16add docs and backward incompatibility notices for #2501Michael Merickel
2016-04-16In addition to CSRF token, verify the origin tooDonald Stufft
Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15Update CHANGES/whatsnew-1.7 for updated require_csrfBert JW Regeer
2016-04-15Have Automatic CSRF on all unsafe HTTP methodsDonald Stufft
Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15Only Accept CSRF Tokens in headers or POST bodiesDonald Stufft
Previously `check_csrf_token` would allow passing in a CSRF token in through a the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-15link to router chapterMichael Merickel
2016-04-15link to alchemy pull requestMichael Merickel
2016-04-14Merge remote-tracking branch 'upstream/master'Steve Piercy
Conflicts: docs/whatsnew-1.7.rst
2016-04-14editorial review and approvalSteve Piercy
2016-04-15link to HTTPException classMichael Merickel
2016-04-151.7, not 1.6Michael Merickel
2016-04-15link the whatsnew-1.7Michael Merickel
2016-04-15first cut at whatsnew-1.7Michael Merickel
2016-04-14Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS Paths, also on Step 19 - ↵Arian Maykon de Araújo Diógenes
Database
2016-04-13Issue #2493: Fixing Quick Tutorial Step 18 - CSS/JS PathsArian Maykon de Araújo Diógenes
2016-04-13- nudge `BeforeTraversal`Steve Piercy
2016-04-13- update Pyramid Request Processing Diagram.Steve Piercy
- Closes #2473. - See also #2413 and #2469.
2016-04-12Merge branch 'master' into feature/require-csrfMichael Merickel
2016-04-12Merge branch 'master' into feature/BeforeTraversalBert JW Regeer
2016-04-12Remove note about -Wd flagBert JW Regeer
Since we no longer support Python 2.6, it becomes a requirement for all our supported Python versions, and thus the note is no longer required.
2016-04-12Update introduction to testingBert JW Regeer
It mentions that we use Jenkins, but our Travis is more open, and used for all commits, so add a reference to Travis as well. Also, remove Python 2.6 reference here.
2016-04-12Replace Python 2.6 with 2.7Bert JW Regeer
2016-04-12- zap easy_install stragglerSteve Piercy
2016-04-12- add mention of Windows and Python 3.3+ for virtual environmentsSteve Piercy
2016-04-12one does not simply "create a virtualenv". one should "create a virtual ↵Steve Piercy
environment". - Fixes #2483
2016-04-12one does not simply "create a virtualenv". one should "create a virtual ↵Steve Piercy
environment"
2016-04-12update testing.rstSteve Piercy
- replace nose with py.test - use pip - use literalinclude of MyProject/setup.py instead of copy-pasta
2016-04-12- use an environment variable and venv. See ↵Steve Piercy
https://github.com/Pylons/pyramid/pull/2468#discussion_r59311019 - rename stanza from `testing_extras` to `tests_require` - switch from nose to pytest
2016-04-12- replace `python -m` with `python3 -m`Steve Piercy
2016-04-12- replace `pyvenv` with `python3 -m venv`Steve Piercy
2016-04-12- removed "now" per ↵Steve Piercy
https://github.com/Pylons/pyramid/pull/2468#discussion_r59310317
2016-04-12- fix readme in quick_tour/sqla_demoSteve Piercy
2016-04-12- fix readme in narr/MyProject (used in project.rst and testing.rst)Steve Piercy
2016-04-11fix extras_requires to extras_requireMichael Merickel
2016-04-11Merge branch 'master' into docs/easy-install-to-pip.2104Michael Merickel
2016-04-11remove theme.min.css, it serves no purposeMichael Merickel
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 13:15:17 +0000