Steve Piercy
2018-03-18 90478fe4328ed465ecb63513905d26d8b8a2d069
2018-03-16 Hong Yuan
Fix secret length in doc of SignedCookieSessionFactory
blob@ 3f17f3 commitdiff | diff to current
2017-04-29 Michael Merickel
final cleanup of csrf decoupling in #2854
blob@ 682a9b commitdiff | diff to current
2016-12-05 Matthew Wilkes
Create a new ICSRF implementation for getting CSRF tokens, split out from t...
blob@ a2c7c7 commitdiff | diff to current
2016-11-16 Michael Merickel
Revert "turn on warnings by default for ``pyramid.deprecation.RemoveInVersi...
blob@ c151ad commitdiff | diff to current
2016-11-16 Michael Merickel
fix docstring on check_csrf_token
blob@ b13b1c commitdiff | diff to current
2016-11-15 Michael Merickel
turn on warnings by default for ``pyramid.deprecation.RemoveInVersion19Warn...
blob@ 9c8d43 commitdiff | diff to current
2016-04-18 Michael Merickel
replace pyramid.require_default_csrf setting with config.set_default_csrf_o...
blob@ de3d0c commitdiff | diff to current
2016-04-17 Donald Stufft
request.host_port is a str not an int
blob@ 884043 commitdiff | diff to current
2016-04-16 Michael Merickel
drop py27-only features at least temporarily
blob@ 3d5dbd commitdiff | diff to current
2016-04-16 Michael Merickel
add docs and backward incompatibility notices for #2501
blob@ 8ceb14 commitdiff | diff to current
2016-04-16 Michael Merickel
fix format string to work on py26
blob@ dd45cf commitdiff | diff to current
2016-04-16 Donald Stufft
In addition to CSRF token, verify the origin too
blob@ 65dee6 commitdiff | diff to current
2016-04-15 Donald Stufft
Only Accept CSRF Tokens in headers or POST bodies
blob@ f12005 commitdiff | diff to current
2016-04-11 Michael Merickel
cleanup some references in the docs
blob@ 769da1 commitdiff | diff to current
2016-01-28 Michael Merickel
convert csrf tokens to bytes prior to string compare
blob@ f16a1b commitdiff | diff to current
2016-01-13 Michael Merickel
expect py3 and special-case py2 behavior
blob@ bc37a5 commitdiff | diff to current
2015-11-23 Michael Merickel
expose the PickleSerializer
blob@ ee9c62 commitdiff | diff to current
2015-10-31 RamiC
Convert max_age argument to int when applicable
blob@ fa7886 commitdiff | diff to current
2015-10-29 RamiC
Remove a leaked line from a local test
blob@ b6f0be commitdiff | diff to current
2015-10-29 RamiC
Convert reissue_time argument to int values when applicable
blob@ a43abd commitdiff | diff to current
2015-10-28 RamiC
Convert timeout argument to int values when applicable
blob@ 67ff3b commitdiff | diff to current
2015-02-10 Donald Stufft
Default to an empty string instead of None
blob@ 9756f6 commitdiff | diff to current
2015-02-10 Donald Stufft
Prevent timing attacks when checking CSRF token
blob@ b809c7 commitdiff | diff to current
2014-04-08 Chris McDonough
fix merge conflict while merging master to 1.5 branch
blob@ ecb376 commitdiff | diff to current
2014-02-27 Michael Merickel
handle reissue_time=None properly
blob@ b2dd47 commitdiff | diff to current
2014-02-27 Michael Merickel
fix timeout=None bug as well as some other potential unpacking problems
blob@ 8f4fbd commitdiff | diff to current
2014-02-27 Michael Merickel
79-char line widths!
blob@ 1098ac commitdiff | diff to current
2014-02-27 Michael Merickel
improve timeout docs
blob@ 89dc46 commitdiff | diff to current
2014-02-22 Michael Merickel
fix regression with code expecting secrets to be encoded with latin-1
blob@ cf026e commitdiff | diff to current
2014-02-22 Michael Merickel
support high-order characters in UnencryptedCookieSessionFactoryConfig secrets
blob@ adcacf commitdiff | diff to current
2014-02-10 Steve Piercy
- Garden PR #1121
blob@ 2033ee commitdiff | diff to current
2013-12-19 Michael Merickel
typos
blob@ dd4499 commitdiff | diff to current
2013-12-10 Chris McDonough
add note about non-bw-compat between SignedCookieSessionFactory and Unencry...
blob@ ab579e commitdiff | diff to current
2013-12-07 Chris McDonough
use a single serializer instead of serialize/deserialize in session.py, use...
blob@ 8134a7 commitdiff | diff to current
2013-10-27 Bert JW Regeer
digestmod() has to accept a parameter in certain cases
blob@ 1c0db5 commitdiff | diff to current
2013-10-20 Chris McDonough
fix merge conflict
blob@ da295e commitdiff | diff to current
2013-10-19 Michael Merickel
remove unnecessary length check, slices are magic
blob@ dc491c commitdiff | diff to current
2013-10-19 Michael Merickel
moar typos
blob@ 2dea18 commitdiff | diff to current
2013-10-19 Michael Merickel
remove redundant "see"
blob@ 7c756b commitdiff | diff to current
2013-10-19 Chris McDonough
add admonishment against secret sharing
blob@ e521f1 commitdiff | diff to current
2013-10-19 Chris McDonough
use zope.deprecation for warning about the UnencryptedCookieSessionFactoryC...
blob@ 9536f9 commitdiff | diff to current
2013-10-19 Michael Merickel
move HTTPBadCSRFToken to p.exceptions.BadCSRFToken
blob@ 0e2914 commitdiff | diff to current
2013-10-19 Michael Merickel
update the docs
blob@ 8df7a7 commitdiff | diff to current
2013-10-19 Michael Merickel
add deprecation for old cookie factory
blob@ 10c685 commitdiff | diff to current
2013-10-19 Michael Merickel
update session to use a static salt and separate serialize funcs
blob@ b0b09c commitdiff | diff to current
2013-10-08 Karl O. Pinc
Subclass HTTPBadCSRFToken from HTTPBadRequest and have request.session.chec...
blob@ 0905d2 commitdiff | diff to current
2013-10-05 Michael Merickel
fix py3
blob@ 61e938 commitdiff | diff to current
2013-10-05 Michael Merickel
introduce SignedCookieSessionFactory
blob@ 4fade6 commitdiff | diff to current
2013-10-03 Michael Merickel
modification to the unencrypted cookie to use a clearer api
blob@ 3a6cbc commitdiff | diff to current
2013-06-03 Luke Cyca
Changed header name to X-CSRF-Token
blob@ ea93cf commitdiff | diff to current