| | |
| | | |
| | | This change does mean that any existing auth tickets (and associated cookies) |
| | | will no longer be valid, and users will no longer be logged in, and have to |
| | | login to their accounts again. No other backwards incompatible changes have |
| | | been made. |
| | | login to their accounts again. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2496 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Added a new setting, ``pyramid.require_default_csrf`` which may be used |
| | | to turn on CSRF checks globally for every POST request in the application. |
| | | This should be considered a good default for websites built on Pyramid. |
| | | It is possible to opt-out of CSRF checks on a per-view basis by setting |
| | | ``require_csrf=False`` on those views. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Added a ``require_csrf`` view option which will enforce CSRF checks on POST |
| | | requests. If the CSRF check fails a ``BadCSRFToken`` exception will be |
| | | raised and may be caught by exception views (the default response is a |
| | | ``400 Bad Request``). This option should be used in place of the deprecated |
| | | ``check_csrf`` view predicate which would normally result in unexpected |
| | | ``404 Not Found`` response to the client instead of a catchable exception. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Pyramid HTTPExceptions will now take into account the best match for the |
| | | clients Accept header, and depending on what is requested will return |
| | |
| | | has access to options passed to ``config.add_view`` and can affect other |
| | | stages of the pipeline such as the raw response from a view or prior to |
| | | security checks. See https://github.com/Pylons/pyramid/pull/2021 |
| | | |
| | | |
| | | - Allow a leading ``=`` on the key of the request param predicate. |
| | | For example, '=abc=1' is equivalent down to |
| | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - (Deprecation) Support for Python 3.3 will be removed in Pyramid 1.8. |
| | | - The ``check_csrf`` view predicate has been deprecated. Use the |
| | | new ``require_csrf`` option or the ``pyramid.require_default_csrf`` setting |
| | | to ensure that the ``BadCSRFToken`` exception is raised. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Support for Python 3.3 will be removed in Pyramid 1.8. |
| | | https://github.com/Pylons/pyramid/issues/2477 |
| | | |
| | | - Python 2.6 is no longer supported by Pyramid. See |
| | |
| | | |
| | | - Dropped Python 3.2 support. |
| | | See https://github.com/Pylons/pyramid/pull/2256 |
| | | |
| | | |
| | | 1.6 (2015-04-14) |
| | | ================ |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - IPython and BPython support have been removed from pshell in the core. |
| | | To continue using them on Pyramid 1.6+ you must install the binding |
| | | packages explicitly:: |
| | | |
| | | $ pip install pyramid_ipython |
| | | |
| | | or |
| | | |
| | | $ pip install pyramid_bpython |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - pcreate will now ask for confirmation if invoked with |
| | | an argument for a project name that already exists or |
| | | is importable in the current environment. |
| | | See https://github.com/Pylons/pyramid/issues/1357 and |
| | | https://github.com/Pylons/pyramid/pull/1837 |
| | | |
| | | - Make it possible to subclass ``pyramid.request.Request`` and also use |
| | | ``pyramid.request.Request.add_request.method``. See |
| | | https://github.com/Pylons/pyramid/issues/1529 |
| | | |
| | | - The ``pyramid.config.Configurator`` has grown the ability to allow |
| | | actions to call other actions during a commit-cycle. This enables much more |
| | | logic to be placed into actions, such as the ability to invoke other actions |
| | | or group them for improved conflict detection. We have also exposed and |
| | | documented the config phases that Pyramid uses in order to further assist |
| | | in building conforming addons. |
| | | See https://github.com/Pylons/pyramid/pull/1513 |
| | | |
| | | - Add ``pyramid.request.apply_request_extensions`` function which can be |
| | | used in testing to apply any request extensions configured via |
| | | ``config.add_request_method``. Previously it was only possible to test |
| | | the extensions by going through Pyramid's router. |
| | | See https://github.com/Pylons/pyramid/pull/1581 |
| | | |
| | | - pcreate when run without a scaffold argument will now print information on |
| | | the missing flag, as well as a list of available scaffolds. |
| | | See https://github.com/Pylons/pyramid/pull/1566 and |
| | | https://github.com/Pylons/pyramid/issues/1297 |
| | | |
| | | - Added support / testing for 'pypy3' under Tox and Travis. |
| | | See https://github.com/Pylons/pyramid/pull/1469 |
| | | |
| | | - Automate code coverage metrics across py2 and py3 instead of just py2. |
| | | See https://github.com/Pylons/pyramid/pull/1471 |
| | | |
| | | - Cache busting for static resources has been added and is available via a new |
| | | ``pyramid.config.Configurator.add_cache_buster`` API. Core APIs are shipped |
| | | for both cache busting via query strings and via asset manifests for |
| | | integrating into custom asset pipelines. |
| | | See https://github.com/Pylons/pyramid/pull/1380 and |
| | | https://github.com/Pylons/pyramid/pull/1583 and |
| | | https://github.com/Pylons/pyramid/pull/2171 |
| | | |
| | | - Add ``pyramid.config.Configurator.root_package`` attribute and init |
| | | parameter to assist with includeable packages that wish to resolve |
| | | resources relative to the package in which the ``Configurator`` was created. |
| | | This is especially useful for addons that need to load asset specs from |
| | | settings, in which case it is may be natural for a developer to define |
| | | imports or assets relative to the top-level package. |
| | | See https://github.com/Pylons/pyramid/pull/1337 |
| | | |
| | | - Added line numbers to the log formatters in the scaffolds to assist with |
| | | debugging. See https://github.com/Pylons/pyramid/pull/1326 |
| | | |
| | | - Add new HTTP exception objects for status codes |
| | | ``428 Precondition Required``, ``429 Too Many Requests`` and |
| | | ``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``. |
| | | See https://github.com/Pylons/pyramid/pull/1372/files |
| | | |
| | | - The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is |
| | | defined in the environment prior to launching the interpreter. |
| | | See https://github.com/Pylons/pyramid/pull/1448 |
| | | |
| | | - Make it simple to define notfound and forbidden views that wish to use |
| | | the default exception-response view but with altered predicates and other |
| | | configuration options. The ``view`` argument is now optional in |
| | | ``config.add_notfound_view`` and ``config.add_forbidden_view``.. |
| | | See https://github.com/Pylons/pyramid/issues/494 |
| | | |
| | | - Greatly improve the readability of the ``pcreate`` shell script output. |
| | | See https://github.com/Pylons/pyramid/pull/1453 |
| | | |
| | | - Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and |
| | | the ``SignedCookieSessionFactory`` classes by using the stdlib's |
| | | ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). |
| | | See https://github.com/Pylons/pyramid/pull/1457 |
| | | |
| | | - Assets can now be overidden by an absolute path on the filesystem when using |
| | | the ``config.override_asset`` API. This makes it possible to fully support |
| | | serving up static content from a mutable directory while still being able |
| | | to use the ``request.static_url`` API and ``config.add_static_view``. |
| | | Previously it was not possible to use ``config.add_static_view`` with an |
| | | absolute path **and** generate urls to the content. This change replaces |
| | | the call, ``config.add_static_view('/abs/path', 'static')``, with |
| | | ``config.add_static_view('myapp:static', 'static')`` and |
| | | ``config.override_asset(to_override='myapp:static/', |
| | | override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely |
| | | made up and does not need to exist - it is used for generating urls |
| | | via ``request.static_url('myapp:static/foo.png')``. |
| | | See https://github.com/Pylons/pyramid/issues/1252 |
| | | |
| | | - Added ``pyramid.config.Configurator.set_response_factory`` and the |
| | | ``response_factory`` keyword argument to the ``Configurator`` for defining |
| | | a factory that will return a custom ``Response`` class. |
| | | See https://github.com/Pylons/pyramid/pull/1499 |
| | | |
| | | - Allow an iterator to be returned from a renderer. Previously it was only |
| | | possible to return bytes or unicode. |
| | | See https://github.com/Pylons/pyramid/pull/1417 |
| | | |
| | | - ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server |
| | | URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533 |
| | | |
| | | - Overall improvments for the ``proutes`` command. Added ``--format`` and |
| | | ``--glob`` arguments to the command, introduced the ``method`` |
| | | column for displaying available request methods, and improved the ``view`` |
| | | output by showing the module instead of just ``__repr__``. |
| | | See https://github.com/Pylons/pyramid/pull/1488 |
| | | |
| | | - Support keyword-only arguments and function annotations in views in |
| | | Python 3. See https://github.com/Pylons/pyramid/pull/1556 |
| | | |
| | | - ``request.response`` will no longer be mutated when using the |
| | | ``pyramid.renderers.render_to_response()`` API. It is now necessary to |
| | | pass in a ``response=`` argument to ``render_to_response`` if you wish to |
| | | supply the renderer with a custom response object for it to use. If you |
| | | do not pass one then a response object will be created using the |
| | | application's ``IResponseFactory``. Almost all renderers |
| | | mutate the ``request.response`` response object (for example, the JSON |
| | | renderer sets ``request.response.content_type`` to ``application/json``). |
| | | However, when invoking ``render_to_response`` it is not expected that the |
| | | response object being returned would be the same one used later in the |
| | | request. The response object returned from ``render_to_response`` is now |
| | | explicitly different from ``request.response``. This does not change the |
| | | API of a renderer. See https://github.com/Pylons/pyramid/pull/1563 |
| | | |
| | | - The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will |
| | | now accept anything that implements the ``IResponse`` interface and will use |
| | | that as the response class instead of the default ``HTTPFound``. See |
| | | https://github.com/Pylons/pyramid/pull/1610 |
| | | |
| | | - Additional shells for ``pshell`` can now be registered as entrypoints. See |
| | | https://github.com/Pylons/pyramid/pull/1891 and |
| | | https://github.com/Pylons/pyramid/pull/2012 |
| | | |
| | | - The variables injected into ``pshell`` are now displayed with their |
| | | docstrings instead of the default ``str(obj)`` when possible. |
| | | See https://github.com/Pylons/pyramid/pull/1929 |
| | | |
| | | - ``pserve --reload`` will no longer crash on syntax errors!!! |
| | | See https://github.com/Pylons/pyramid/pull/2044 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Work around an issue where ``pserve --reload`` would leave terminal echo |
| | | disabled if it reloaded during a pdb session. |
| | | See https://github.com/Pylons/pyramid/pull/1577, |
| | | https://github.com/Pylons/pyramid/pull/1592 |
| | | |
| | | - ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise |
| | | ``ValueError`` when accidentally passed ``None``. |
| | | See https://github.com/Pylons/pyramid/pull/1320 |
| | | |
| | | - Fix an issue whereby predicates would be resolved as maybe_dotted in the |
| | | introspectable but not when passed for registration. This would mean that |
| | | ``add_route_predicate`` for example can not take a string and turn it into |
| | | the actual callable function. |
| | | See https://github.com/Pylons/pyramid/pull/1306 |
| | | |
| | | - Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper |
| | | package. Previously it was not possible to do package-relative includes |
| | | using the returned ``Configurator`` during testing. There is now a |
| | | ``package`` argument that can override this behavior as well. |
| | | See https://github.com/Pylons/pyramid/pull/1322 |
| | | |
| | | - Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset |
| | | where it does not belong. See https://github.com/Pylons/pyramid/pull/1251 |
| | | |
| | | - Work around a bug introduced in Python 2.7.7 on Windows where |
| | | ``mimetypes.guess_type`` returns Unicode rather than str for the content |
| | | type, unlike any previous version of Python. See |
| | | https://github.com/Pylons/pyramid/issues/1360 for more information. |
| | | |
| | | - ``pcreate`` now normalizes the package name by converting hyphens to |
| | | underscores. See https://github.com/Pylons/pyramid/pull/1376 |
| | | |
| | | - Fix an issue with the final response/finished callback being unable to |
| | | add another callback to the list. See |
| | | https://github.com/Pylons/pyramid/pull/1373 |
| | | |
| | | - Fix a failing unittest caused by differing mimetypes across various OSs. |
| | | See https://github.com/Pylons/pyramid/issues/1405 |
| | | |
| | | - Fix route generation for static view asset specifications having no path. |
| | | See https://github.com/Pylons/pyramid/pull/1377 |
| | | |
| | | - Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no |
| | | valid request object. In this case it will not wrap the object in a |
| | | callback and thus behave just like the ``pyramid.renderers.JSON`` renderer. |
| | | See https://github.com/Pylons/pyramid/pull/1561 |
| | | |
| | | - Prevent "parameters to load are deprecated" ``DeprecationWarning`` |
| | | from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541 |
| | | |
| | | - Avoiding sharing the ``IRenderer`` objects across threads when attached to |
| | | a view using the `renderer=` argument. These renderers were instantiated |
| | | at time of first render and shared between requests, causing potentially |
| | | subtle effects like `pyramid.reload_templates = true` failing to work |
| | | in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575 |
| | | and https://github.com/Pylons/pyramid/issues/1268 |
| | | |
| | | - Avoiding timing attacks against CSRF tokens. |
| | | See https://github.com/Pylons/pyramid/pull/1574 |
| | | |
| | | - ``request.finished_callbacks`` and ``request.response_callbacks`` now |
| | | default to an iterable instead of ``None``. It may be checked for a length |
| | | of 0. This was the behavior in 1.5. |
| | | |
| | | - ``pyramid.httpexceptions.HTTPException`` now defaults to |
| | | ``520 Unknown Error`` instead of ``None None`` to conform with changes in |
| | | WebOb 1.5. |
| | | See https://github.com/Pylons/pyramid/pull/1865 |
| | | |
| | | - ``pshell`` will now preserve the capitalization of variables in the |
| | | ``[pshell]`` section of the INI file. This makes exposing classes to the |
| | | shell a little more straightfoward. |
| | | See https://github.com/Pylons/pyramid/pull/1883 |
| | | |
| | | - Fix an issue when user passes unparsed strings to ``pyramid.session.CookieSession`` |
| | | and ``pyramid.authentication.AuthTktCookieHelper`` for time related parameters |
| | | ``timeout``, ``reissue_time``, ``max_age`` that expect an integer value. |
| | | See https://github.com/Pylons/pyramid/pull/2050 |
| | | |
| | | - Fixed usage of ``pserve --monitor-restart --daemon`` which would fail in |
| | | horrible ways. See https://github.com/Pylons/pyramid/pull/2118 |
| | | |
| | | - Explicitly prevent ``pserve --reload --daemon`` from being used. It's never |
| | | been supported but would work and fail in weird ways. |
| | | See https://github.com/Pylons/pyramid/pull/2119 |
| | | |
| | | - Fix an issue on Windows when running ``pserve --reload`` in which the |
| | | process failed to fork because it could not find the pserve script to |
| | | run. See https://github.com/Pylons/pyramid/pull/2137 |
| | | |
| | | - Ensure that ``IAssetDescriptor.abspath`` always returns an absolute path. |
| | | There were cases depending on the process CWD that a relative path would |
| | | be returned. See https://github.com/Pylons/pyramid/issues/2187 |
| | | |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``pserve`` command's daemonization features have been deprecated as well |
| | | as ``--monitor-restart``. This includes the ``[start,stop,restart,status]`` |
| | | subcommands as well as the ``--daemon``, ``--stop-daemon``, ``--pid-file``, |
| | | ``--status``, ``--user`` and ``--group`` flags. |
| | | See https://github.com/Pylons/pyramid/pull/2120 |
| | | and https://github.com/Pylons/pyramid/pull/2189 |
| | | and https://github.com/Pylons/pyramid/pull/1641 |
| | | |
| | | Please use a real process manager in the future instead of relying on the |
| | | ``pserve`` to daemonize itself. Many options exist including your Operating |
| | | System's services such as Systemd or Upstart, as well as Python-based |
| | | solutions like Circus and Supervisor. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/1641 |
| | | and https://github.com/Pylons/pyramid/pull/2120 |
| | | |
| | | - Renamed the ``principal`` argument to ``pyramid.security.remember()`` to |
| | | ``userid`` in order to clarify its intended purpose. |
| | | See https://github.com/Pylons/pyramid/pull/1399 |
| | | |
| | | Docs |
| | | ---- |
| | | |
| | | - Moved the documentation for ``accept`` on ``Configurator.add_view`` to no |
| | | longer be part of the predicate list. See |
| | | https://github.com/Pylons/pyramid/issues/1391 for a bug report stating |
| | | ``not_`` was failing on ``accept``. Discussion with @mcdonc led to the |
| | | conclusion that it should not be documented as a predicate. |
| | | See https://github.com/Pylons/pyramid/pull/1487 for this PR |
| | | |
| | | - Removed logging configuration from Quick Tutorial ini files except for |
| | | scaffolding- and logging-related chapters to avoid needing to explain it too |
| | | early. |
| | | |
| | | - Clarify a previously-implied detail of the ``ISession.invalidate`` API |
| | | documentation. |
| | | |
| | | - Improve and clarify the documentation on what Pyramid defines as a |
| | | ``principal`` and a ``userid`` in its security APIs. |
| | | See https://github.com/Pylons/pyramid/pull/1399 |
| | | |
| | | - Add documentation of command line programs (``p*`` scripts). See |
| | | https://github.com/Pylons/pyramid/pull/2191 |
| | | |
| | | Scaffolds |
| | | --------- |
| | | |
| | | - Update scaffold generating machinery to return the version of pyramid and |
| | | pyramid docs for use in scaffolds. Updated starter, alchemy and zodb |
| | | templates to have links to correctly versioned documentation and reflect |
| | | which pyramid was used to generate the scaffold. |
| | | |
| | | - Removed non-ascii copyright symbol from templates, as this was |
| | | causing the scaffolds to fail for project generation. |
| | | |
| | | - You can now run the scaffolding func tests via ``tox py2-scaffolds`` and |
| | | ``tox py3-scaffolds``. |
| | | |