From a2c7c7a49bceeaaab2853e7e73c3671979d4c9ed Mon Sep 17 00:00:00 2001
From: Matthew Wilkes <git@matthewwilkes.name>
Date: Mon, 5 Dec 2016 12:16:26 +0100
Subject: Create a new ICSRF implementation for getting CSRF tokens, split out
 from the session machinery.

Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation.
---
 CHANGES.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'CHANGES.txt')

diff --git a/CHANGES.txt b/CHANGES.txt
index c8a87f625..9d6264688 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -24,6 +24,14 @@ Features
   can be alleviated by invoking ``config.begin()`` and ``config.end()``
   appropriately. See https://github.com/Pylons/pyramid/pull/2989
 
+- A new CSRF implementation, :class:`pyramid.csrf.SessionCSRF` has been added,
+  which deleagates all CSRF generation to the current session, following the
+  old API for this. A ``get_csrf_token()`` method is now available in template
+  global scope, to make it easy for template developers to get the current CSRF
+  token without adding it to Python code.
+  See https://github.com/Pylons/pyramid/pull/2854
+
+
 Bug Fixes
 ---------
 
@@ -50,3 +58,7 @@ Backward Incompatibilities
 
 Documentation Changes
 ---------------------
+
+- Retrieving CSRF token from the session has been deprecated, in favor of
+  equivalent methods in :mod:`pyramid.csrf`.
+  See https://github.com/Pylons/pyramid/pull/2854
-- 
cgit v1.2.3