| | |
|---|
| | | unreleased |
|---|
| | | ========== |
|---|
| | | 1.7a2 (2016-04-19) |
|---|
| | | ================== |
|---|
| | | |
|---|
| | | Features |
|---|
| | | -------- |
|---|
| | | |
|---|
| | | - Automatic CSRF checks are now disabled by default on exception views. They |
|---|
| | | can be turned back on by setting the appropriate `require_csrf` option on |
|---|
| | | the view. |
|---|
| | | See https://github.com/Pylons/pyramid/pull/2517 |
|---|
| | | |
|---|
| | | - The automatic CSRF API was reworked to use a config directive for |
|---|
| | | setting the options. The ``pyramid.require_default_csrf`` setting is |
|---|
| | |
|---|
| | | setting is still supported. |
|---|
| | | See https://github.com/Pylons/pyramid/pull/2518 |
|---|
| | | |
|---|
| | | - Automatic CSRF checks are now disabled by default on exception views. They |
|---|
| | | can be turned back on by setting the appropriate `require_csrf` option on |
|---|
| | | the view. |
|---|
| | | See https://github.com/Pylons/pyramid/pull/2517 |
|---|
| | | Bug fixes |
|---|
| | | --------- |
|---|
| | | |
|---|
| | | - CSRF origin checks had a bug causing the checks to always fail. |
|---|
| | | See https://github.com/Pylons/pyramid/pull/2512 |
|---|
