path: root/pyramid
Age | Commit message | Author
2016-05-12 | add some tests for excview tween | Michael Merickel
2016-05-10 | fix excview tween to reraise the original exception if left unhandled by exception views fixes #2566 | Michael Merickel
2016-05-10 | execute scaffolds using pip and py.test | Michael Merickel
2016-05-10 | ensure invoke_exception_view always returns a response | Michael Merickel
2016-05-06 | scaffolds: Allow `py.test` to be run on new project without specifying test module path. | Vincent Férotin
2016-05-01 | remove pyramid_tm from development.ini | Steve Piercy
    - fixes #2538
2016-04-27 | avoid executing the discriminator functions multiple times | Michael Merickel
2016-04-26 | do not enforce default permissions on exception views | Michael Merickel
    - this normalizes the behavior to work similar to require_csrf
    - if an explicit permission= is set on the view it will still be enforced, this just affects a default permission via config.set_default_permission
    - permission=NO_PERMISSION_REQUIRED was already forced on for notfound and forbidden views, this just helps out with other exception views
2016-04-24 | Allow Sphinx doctests to run and pass with `make doctest SPHINXBUILD=$VENV/bin/sphinx-build`. | Steve Piercy
    - TODO: two tests in `docs/narr/hooks.rst`
2016-04-23 | Merge pull request #2523 from int3l/master | Tres Seaver
    import/docstring adjustments in decorator module
2016-04-23 | Fix all the stinky linkie rot via `make linkcheck SPHINXBUILD=$VENV/bin/sphinx-build`, but don't bother with HISTORY.txt or whatsnew-xx | Steve Piercy
2016-04-23 | adjustment and update docstring to be consistent | int3l
2016-04-23 | import/docstring adjustments in decorator module | int3l
2016-04-19 | Merge branch 'pr/2520' into feature/appveyor-ci | Michael Merickel
2016-04-19 | remove vestiges of pyramid.require_default_csrf | Michael Merickel
2016-04-19 | Make tests pass under Windows | Christoph Zwerschke
2016-04-19 | replace pyramid.require_default_csrf setting with config.set_default_csrf_options | Michael Merickel
2016-04-18 | disable csrf checking on all exception views unless explicitly turned on | Michael Merickel
2016-04-17 | request.host_port is a str not an int | Donald Stufft
2016-04-17 | fix csrf setting error message | Michael Merickel
2016-04-16 | drop py27-only features at least temporarily | Michael Merickel
    call me nostalgic
2016-04-16 | add docs and backward incompatibility notices for #2501 | Michael Merickel
2016-04-16 | fix format string to work on py26 | Michael Merickel
2016-04-16 | In addition to CSRF token, verify the origin too | Donald Stufft
    Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15 | Have Automatic CSRF on all unsafe HTTP methods | Donald Stufft
    Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15 | Only Accept CSRF Tokens in headers or POST bodies | Donald Stufft
    Previously `check_csrf_token` would allow passing in a CSRF token in through the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-14 | Update documentation | Bert JW Regeer
2016-04-14 | Remove unused import | Bert JW Regeer
2016-04-14 | Switch to sha512 in AuthTktAuthenticationPolicy | Bert JW Regeer
2016-04-14 | Merge branch 'master' into feature/json_exceptions | Bert JW Regeer
2016-04-14 | We don't use default_match, so remove it | Bert JW Regeer
2016-04-14 | Update test to verify the default is text/html | Bert JW Regeer
2016-04-14 | Make text/html the preferred server return | Bert JW Regeer
    This matches the original code whereby it would return an HTML page if you sent an Accept header of */*.
2016-04-12 | For */* case, MIMEAccept picks first server offer | Bert JW Regeer
    This means that to make "text/plain" the default, we need to specifically make it the first thing we offer. For anything else, since the server offers are all weighted equally, the client order should be accepted.
2016-04-12 | PEP8 | Bert JW Regeer
2016-04-12 | We don't need to explicitly set charset for text/* | Bert JW Regeer
    application/json however doesn't have a charset, so we just specify that as UTF-8 for the purpose of encoding the bytes.
2016-04-12 | Test that JSON responses are actually JSON | Bert JW Regeer
    We also test out the custom formatter that allows the user to change how the JSON is formatted for the exception.
2016-04-12 | Add new tests to verify we get what we ask for | Bert JW Regeer
    This simply makes sure we get back the appropriate Content-Type based upon our Accept header.
2016-04-12 | Update tests to verify Content-Type header | Bert JW Regeer
2016-04-12 | Explicit set Accept header to text/html | Bert JW Regeer
    The default is now text/plain, so explicitly set the accept header for what we want to accept.
2016-04-12 | Use MIMEAccept not Accept | Bert JW Regeer
    Accept doesn't understand the notation of major/minor masks.
2016-04-12 | Using WebOb's acceptparse find best mimetype to use | Bert JW Regeer
    We default to text/plain.
2016-04-12 | Merge branch 'master' into feature/require-csrf | Michael Merickel
2016-04-12 | Merge branch 'master' into feature/BeforeTraversal | Bert JW Regeer
2016-04-12 | - use an environment variable and venv. See https://github.com/Pylons/pyramid/pull/2468#discussion_r59311019 | Steve Piercy
    - rename stanza from `testing_extras` to `tests_require`
    - switch from nose to pytest
2016-04-11 | Merge branch 'master' into docs/easy-install-to-pip.2104 | Michael Merickel
2016-04-11 | remove theme.min.css, it serves no purpose | Michael Merickel
2016-04-11 | fix readme to show directions in both alchemy and zodb | Michael Merickel
2016-04-11 | - add trailing line ending | Steve Piercy
2016-04-11 | - update narr/project.rst to use pip instead of setup.py | Steve Piercy
    - update starter scaffold tests and setup.py (used in `narr/project.rst` and `narr/testing.rst`)
    - update links to documentation