From 682a9b9df6f42f8261daa077f04b47b65bf00c34 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sat, 29 Apr 2017 01:43:38 -0500 Subject: final cleanup of csrf decoupling in #2854 - Renamed `SessionCSRFStoragePolicy` to `LegacySessionCSRFStoragePolicy` for the version that uses the legacy `ISession.get_csrf_token` and `ISession.new_csrf_token` apis and set that as the default. - Added new `SessionCSRFStoragePolicy` that stores data in the session similar to how the `SessionAuthenticationPolicy` works. - `CookieCSRFStoragePolicy` did not properly return the newly generated token from `get_csrf_token` after calling `new_csrf_token`. It needed to cache the new value since the response callback does not affect the current request. - `CookieCSRFStoragePolicy` was not forwarding the `domain` value to the `CookieProfile` causing that setting to be ignored. - Removed `check_csrf_token` from the `ICSRFStoragePolicy` interface to simplify implementations of storage policies. - Added an introspectable item for the configured storage policy so that it appears on the debugtoolbar. - Added a change note on `ISession` that it no longer required the csrf methods. - Leave deprecated shims in ``pyramid.session`` for ``check_csrf_origin`` and ``check_csrf_token``. --- docs/narr/templates.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/narr/templates.rst') diff --git a/docs/narr/templates.rst b/docs/narr/templates.rst index 6b3b5fcce..4eadbd2f0 100644 --- a/docs/narr/templates.rst +++ b/docs/narr/templates.rst @@ -228,6 +228,10 @@ These values are provided to the template: provided if the template is rendered as the result of a ``renderer=`` argument to the view configuration being used. +``get_csrf_token()`` + A convenience function to access the current CSRF token. See + :ref:`get_csrf_token_in_templates` for more information. + ``renderer_name`` The renderer name used to perform the rendering, e.g., ``mypackage:templates/foo.pt``. -- cgit v1.2.3 From 19d341b5be789e97000d3dcbd33de75d8b061829 Mon Sep 17 00:00:00 2001 From: Steve Piercy Date: Mon, 26 Jun 2017 03:48:21 -0700 Subject: change http://docs.pylonsproject.org to https - use correct URL for code style - use correct Pyramid version for zodb wiki src file template --- docs/narr/templates.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/narr/templates.rst') diff --git a/docs/narr/templates.rst b/docs/narr/templates.rst index 4eadbd2f0..6738e9270 100644 --- a/docs/narr/templates.rst +++ b/docs/narr/templates.rst @@ -450,12 +450,12 @@ templating languages including the following: .. _Chameleon: http://chameleon.readthedocs.org/en/latest/ .. _pyramid_chameleon: - http://docs.pylonsproject.org/projects/pyramid-chameleon/en/latest/ + https://docs.pylonsproject.org/projects/pyramid-chameleon/en/latest/ .. _Jinja2: http://jinja.pocoo.org/docs/dev/ .. _pyramid_jinja2: - http://docs.pylonsproject.org/projects/pyramid-jinja2/en/latest/ + https://docs.pylonsproject.org/projects/pyramid-jinja2/en/latest/ .. _Mako: http://www.makotemplates.org/ .. _pyramid_mako: - http://docs.pylonsproject.org/projects/pyramid-mako/en/latest/ + https://docs.pylonsproject.org/projects/pyramid-mako/en/latest/ -- cgit v1.2.3 From a816a883492d530c50183e92d5a43fab07181114 Mon Sep 17 00:00:00 2001 From: Steve Piercy Date: Tue, 27 Jun 2017 01:05:41 -0700 Subject: Update all external links per `make linkcheck` - Most are changing http to https, or readthedocs.org to readthedocs.io, and some for Python packaging reorganizing some docs into tutorials, as well as miscellaneous changes. --- docs/narr/templates.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/narr/templates.rst') diff --git a/docs/narr/templates.rst b/docs/narr/templates.rst index 6738e9270..156cb863f 100644 --- a/docs/narr/templates.rst +++ b/docs/narr/templates.rst @@ -448,7 +448,7 @@ templating languages including the following: | Mako_ | pyramid_mako_ | .mak, .mako | +---------------------------+----------------------------+--------------------+ -.. _Chameleon: http://chameleon.readthedocs.org/en/latest/ +.. _Chameleon: https://chameleon.readthedocs.io/en/latest/ .. _pyramid_chameleon: https://docs.pylonsproject.org/projects/pyramid-chameleon/en/latest/ -- cgit v1.2.3