commit | author | age
|
37d887
|
1 |
unreleased |
MM |
2 |
========== |
|
3 |
|
|
4 |
- Add an informative error message when unknown predicates are supplied. The |
|
5 |
new message suggests alternatives based on the list of known predicates. |
|
6 |
See https://github.com/Pylons/pyramid/pull/3054 |
|
7 |
|
50d216
|
8 |
- Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and |
SP |
9 |
resulting source files in tutorials. |
|
10 |
See https://github.com/Pylons/pyramid/issues/2548 |
|
11 |
|
d179ce
|
12 |
- Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to |
SP |
13 |
use shortcut. |
cc8ce5
|
14 |
See https://github.com/Pylons/pyramid/issues/3042 |
MM |
15 |
|
|
16 |
- Ensure the correct threadlocals are pushed during view execution when |
|
17 |
invoked from ``request.invoke_exception_view``. |
|
18 |
See https://github.com/Pylons/pyramid/pull/3060 |
d179ce
|
19 |
|
7b3249
|
20 |
- Fix a bug in which ``pyramid.security.ALL_PERMISSIONS`` failed to return |
MM |
21 |
a valid iterator in its ``__iter__`` implementation. |
|
22 |
See https://github.com/Pylons/pyramid/pull/3074 |
|
23 |
|
1fc7ee
|
24 |
1.9a2 (2017-05-09) |
MM |
25 |
================== |
|
26 |
|
|
27 |
Backward Incompatibilities |
|
28 |
-------------------------- |
|
29 |
|
|
30 |
- ``request.exception`` and ``request.exc_info`` will only be set if the |
|
31 |
response was generated by the EXCVIEW tween. This is to avoid any confusion |
|
32 |
where a response was generated elsewhere in the pipeline and not in |
|
33 |
direct relation to the original exception. If anyone upstream wants to |
|
34 |
catch and render responses for exceptions they should set |
|
35 |
``request.exception`` and ``request.exc_info`` themselves to indicate |
|
36 |
the exception that was squashed when generating the response. |
|
37 |
|
|
38 |
Similar behavior occurs with ``request.invoke_exception_view`` in which |
|
39 |
the exception properties are set to reflect the exception if a response |
|
40 |
is successfully generated by the method. |
|
41 |
|
|
42 |
This is a very minor incompatibility. Most tweens right now would give |
|
43 |
priority to the raised exception and ignore ``request.exception``. This |
|
44 |
change just improves and clarifies that bookkeeping by trying to be |
|
45 |
more clear about the relationship between the response and its squashed |
|
46 |
exception. See https://github.com/Pylons/pyramid/pull/3029 and |
|
47 |
https://github.com/Pylons/pyramid/pull/3031 |
|
48 |
|
c84904
|
49 |
1.9a1 (2017-05-01) |
MM |
50 |
================== |
bdb8e0
|
51 |
|
fa8a9d
|
52 |
Major Features |
MM |
53 |
-------------- |
|
54 |
|
|
55 |
- The file format used by all ``p*`` command line scripts such as ``pserve`` |
|
56 |
and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function |
|
57 |
is now replaceable thanks to a new dependency on |
f454b8
|
58 |
`plaster <http://docs.pylonsproject.org/projects/plaster/en/latest/>`_. |
fa8a9d
|
59 |
|
MM |
60 |
For now, Pyramid is still shipping with integrated support for the |
fdd77d
|
61 |
PasteDeploy INI format by depending on the |
fbfd81
|
62 |
`plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>`_ |
fdd77d
|
63 |
binding library. This may change in the future. |
fa8a9d
|
64 |
|
MM |
65 |
See https://github.com/Pylons/pyramid/pull/2985 |
5f4649
|
66 |
|
4c3971
|
67 |
- Added an execution policy hook to the request pipeline. An execution |
MM |
68 |
policy has the ability to control creation and execution of the request |
f454b8
|
69 |
objects before they enter the rest of the pipeline. This means for a single |
fa8a9d
|
70 |
request environ the policy may create more than one request object. |
MM |
71 |
|
|
72 |
The first library to use this feature is |
|
73 |
`pyramid_retry |
f454b8
|
74 |
<http://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_. |
fa8a9d
|
75 |
|
MM |
76 |
See https://github.com/Pylons/pyramid/pull/2964 |
|
77 |
|
6419a3
|
78 |
- CSRF support has been refactored out of sessions and into its own |
MM |
79 |
independent API in the ``pyramid.csrf`` module. It supports a pluggable |
|
80 |
``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your |
|
81 |
own mechanism for generating and validating CSRF tokens. By default, |
|
82 |
Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy`` |
|
83 |
that uses the ``request.session.get_csrf_token`` and |
|
84 |
``request.session.new_csrf_token`` APIs under the hood to preserve |
|
85 |
compatibility. Two new policies are shipped as well, |
|
86 |
``pyramid.csrf.SessionCSRFStoragePolicy`` and |
|
87 |
``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens |
|
88 |
in the session and in a standalone cookie, respectively. The storage policy |
|
89 |
can be changed by using the new |
|
90 |
``pyramid.config.Configurator.set_csrf_storage_policy`` config directive. |
|
91 |
|
|
92 |
CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``, |
|
93 |
``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs |
|
94 |
in order to continue working if the storage policy is changed. Also, the |
|
95 |
``pyramid.csrf.get_csrf_token`` function is injected into templates to be |
|
96 |
used conveniently in UI code. |
|
97 |
|
682a9b
|
98 |
See https://github.com/Pylons/pyramid/pull/2854 and |
MM |
99 |
https://github.com/Pylons/pyramid/pull/3019 |
a2c7c7
|
100 |
|
2b9b6c
|
101 |
Minor Features |
MM |
102 |
-------------- |
9028c9
|
103 |
|
MM |
104 |
- Support an ``open_url`` config setting in the ``pserve`` section of the |
|
105 |
config file. This url is used to open a web browser when ``pserve --browser`` |
|
106 |
is invoked. When this setting is unavailable the ``pserve`` script will |
|
107 |
attempt to guess the port the server is using from the |
|
108 |
``server:<server_name>`` section of the config file but there is no |
|
109 |
requirement that the server is being run in this format so it may fail. |
|
110 |
See https://github.com/Pylons/pyramid/pull/2984 |
|
111 |
|
87af11
|
112 |
- The ``pyramid.config.Configurator`` can now be used as a context manager |
MM |
113 |
which will automatically push/pop threadlocals (similar to |
|
114 |
``config.begin()`` and ``config.end()``). It will also automatically perform |
|
115 |
a ``config.commit()`` and thus it is only recommended to be used at the |
|
116 |
top-level of your app. See https://github.com/Pylons/pyramid/pull/2874 |
a2c7c7
|
117 |
|
847fb7
|
118 |
- The threadlocals are now available inside any function invoked via |
MM |
119 |
``config.include``. This means the only config-time code that cannot rely |
|
120 |
on threadlocals is code executed from non-actions inside the main. This |
|
121 |
can be alleviated by invoking ``config.begin()`` and ``config.end()`` |
|
122 |
appropriately or using the new context manager feature of the configurator. |
|
123 |
See https://github.com/Pylons/pyramid/pull/2989 |
|
124 |
|
1cf132
|
125 |
Bug Fixes |
BJR |
126 |
--------- |
45f882
|
127 |
|
564b63
|
128 |
- HTTPException's accepts a detail kwarg that may be used to pass additional |
BJR |
129 |
details to the exception. You may now pass objects so long as they have a |
169155
|
130 |
valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 |
MM |
131 |
|
|
132 |
- Fix a reference cycle causing memory leaks in which the registry |
|
133 |
would keep a ``Configurator`` instance alive even after the configurator |
|
134 |
was discarded. Another fix was also added for the ``global_registries`` |
|
135 |
object in which the registry was stored in a closure preventing it from |
|
136 |
being deallocated. See https://github.com/Pylons/pyramid/pull/2967 |
564b63
|
137 |
|
38294e
|
138 |
- Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the |
MM |
139 |
``--reload`` option in which ``sys.argv`` is always used in the subprocess |
|
140 |
instead of the supplied ``argv``. |
|
141 |
See https://github.com/Pylons/pyramid/pull/2962 |
|
142 |
|
1cf132
|
143 |
Deprecations |
BJR |
144 |
------------ |
cb98a9
|
145 |
|
2b9b6c
|
146 |
- Pyramid currently depends on ``plaster_pastedeploy`` to simplify the |
MM |
147 |
transition to ``plaster`` by maintaining integrated support for INI files. |
|
148 |
This dependency on ``plaster_pastedeploy`` should be considered subject to |
2aebc6
|
149 |
Pyramid's deprecation policy and may be removed in the future. |
2b9b6c
|
150 |
Applications should depend on the appropriate plaster binding to satisfy |
MM |
151 |
their needs. |
d2f0fe
|
152 |
|
2b9b6c
|
153 |
- Retrieving CSRF token from the session has been deprecated in favor of |
MM |
154 |
equivalent methods in the ``pyramid.csrf`` module. The CSRF methods |
|
155 |
(``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer |
|
156 |
required on the ``ISession`` interface except when using the default |
|
157 |
``pyramid.csrf.LegacySessionCSRFStoragePolicy``. |
a2c7c7
|
158 |
|
2b9b6c
|
159 |
Also, ``pyramid.session.check_csrf_token`` is now located at |
MM |
160 |
``pyramid.csrf.check_csrf_token``. |
|
161 |
|
|
162 |
See https://github.com/Pylons/pyramid/pull/2854 and |
|
163 |
https://github.com/Pylons/pyramid/pull/3019 |
3213e2
|
164 |
|
785088
|
165 |
Documentation Changes |
MM |
166 |
--------------------- |
|
167 |
|
|
168 |
- Added the execution policy to the routing diagram in the Request Processing |
840508
|
169 |
chapter. See https://github.com/Pylons/pyramid/pull/2993 |