From 643a83473a6faabd0ff08547a0cbca09e9cdda1c Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Wed, 19 Sep 2012 04:46:01 -0400
Subject: A ``check_csrf`` view predicate was added.  For example, you can now
 do ``config.add_view(someview, check_csrf=True)``.  When the predicate is
 checked, if the ``csrf_token`` value in ``request.params`` matches the csrf
 token in the request's session, the view will be permitted to execute.
 Otherwise, it will not be permitted to execute.

---
 docs/whatsnew-1.4.rst | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'docs/whatsnew-1.4.rst')

diff --git a/docs/whatsnew-1.4.rst b/docs/whatsnew-1.4.rst
index 76320f6e6..86bfc7c0a 100644
--- a/docs/whatsnew-1.4.rst
+++ b/docs/whatsnew-1.4.rst
@@ -156,6 +156,12 @@ Minor Feature Additions
 - A new :func:`pyramid.session.check_csrf_token` convenience API function was
   added.
 
+- A ``check_csrf`` view predicate was added.  For example, you can now do
+  ``config.add_view(someview, check_csrf=True)``.  When the predicate is
+  checked, if the ``csrf_token`` value in ``request.params`` matches the csrf
+  token in the request's session, the view will be permitted to execute.
+  Otherwise, it will not be permitted to execute.
+
 Backwards Incompatibilities
 ---------------------------
 
-- 
cgit v1.2.3