From fab8454294b6271c727a0251c78b5f55df5788bf Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Wed, 5 Jun 2013 06:04:45 -0400
Subject: add changelog note

---
 CHANGES.txt | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'CHANGES.txt')

diff --git a/CHANGES.txt b/CHANGES.txt
index a471addce..6a26879a3 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -29,6 +29,11 @@ Features
   ``initialize_myapp_db etc/development.ini a=1 b=2``.
   See https://github.com/Pylons/pyramid/pull/911
 
+- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view
+  predicate now take into account the value of the HTTP header named
+  ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they
+  always did).  The header is tried when the form parameter does not exist.
+
 Bug Fixes
 ---------
 
-- 
cgit v1.2.3