| commit | author | age | ||
| b38bbf | 1 | unreleased |
| MM | 2 | ========== |
| bdb8e0 | 3 | |
| fa8a9d | 4 | Major Features |
| MM | 5 | -------------- |
| 6 | ||
| 7 | - The file format used by all ``p*`` command line scripts such as ``pserve`` | |
| 8 | and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function | |
| 9 | is now replaceable thanks to a new dependency on | |
| f454b8 | 10 | `plaster <http://docs.pylonsproject.org/projects/plaster/en/latest/>`_. |
| fa8a9d | 11 | |
| MM | 12 | For now, Pyramid is still shipping with integrated support for the |
| 13 | PasteDeploy INI format by depending on the ``plaster_pastedeploy`` binding. | |
| 6419a3 | 14 | This may change in the future. |
| fa8a9d | 15 | |
| MM | 16 | See https://github.com/Pylons/pyramid/pull/2985 |
| 5f4649 | 17 | |
| 4c3971 | 18 | - Added an execution policy hook to the request pipeline. An execution |
| MM | 19 | policy has the ability to control creation and execution of the request |
| f454b8 | 20 | objects before they enter the rest of the pipeline. This means for a single |
| fa8a9d | 21 | request environ the policy may create more than one request object. |
| MM | 22 | |
| 23 | The first library to use this feature is | |
| 24 | `pyramid_retry | |
| f454b8 | 25 | <http://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_. |
| fa8a9d | 26 | |
| MM | 27 | See https://github.com/Pylons/pyramid/pull/2964 |
| 28 | ||
| 6419a3 | 29 | - CSRF support has been refactored out of sessions and into its own |
| MM | 30 | independent API in the ``pyramid.csrf`` module. It supports a pluggable |
| 31 | ``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your | |
| 32 | own mechanism for generating and validating CSRF tokens. By default, | |
| 33 | Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy`` | |
| 34 | that uses the ``request.session.get_csrf_token`` and | |
| 35 | ``request.session.new_csrf_token`` APIs under the hood to preserve | |
| 36 | compatibility. Two new policies are shipped as well, | |
| 37 | ``pyramid.csrf.SessionCSRFStoragePolicy`` and | |
| 38 | ``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens | |
| 39 | in the session and in a standalone cookie, respectively. The storage policy | |
| 40 | can be changed by using the new | |
| 41 | ``pyramid.config.Configurator.set_csrf_storage_policy`` config directive. | |
| 42 | ||
| 43 | CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``, | |
| 44 | ``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs | |
| 45 | in order to continue working if the storage policy is changed. Also, the | |
| 46 | ``pyramid.csrf.get_csrf_token`` function is injected into templates to be | |
| 47 | used conveniently in UI code. | |
| 48 | ||
| 682a9b | 49 | See https://github.com/Pylons/pyramid/pull/2854 and |
| MM | 50 | https://github.com/Pylons/pyramid/pull/3019 |
| a2c7c7 | 51 | |
| 2b9b6c | 52 | Minor Features |
| MM | 53 | -------------- |
| 9028c9 | 54 | |
| MM | 55 | - Support an ``open_url`` config setting in the ``pserve`` section of the |
| 56 | config file. This url is used to open a web browser when ``pserve --browser`` | |
| 57 | is invoked. When this setting is unavailable the ``pserve`` script will | |
| 58 | attempt to guess the port the server is using from the | |
| 59 | ``server:<server_name>`` section of the config file but there is no | |
| 60 | requirement that the server is being run in this format so it may fail. | |
| 61 | See https://github.com/Pylons/pyramid/pull/2984 | |
| 62 | ||
| 87af11 | 63 | - The ``pyramid.config.Configurator`` can now be used as a context manager |
| MM | 64 | which will automatically push/pop threadlocals (similar to |
| 65 | ``config.begin()`` and ``config.end()``). It will also automatically perform | |
| 66 | a ``config.commit()`` and thus it is only recommended to be used at the | |
| 67 | top-level of your app. See https://github.com/Pylons/pyramid/pull/2874 | |
| a2c7c7 | 68 | |
| 847fb7 | 69 | - The threadlocals are now available inside any function invoked via |
| MM | 70 | ``config.include``. This means the only config-time code that cannot rely |
| 71 | on threadlocals is code executed from non-actions inside the main. This | |
| 72 | can be alleviated by invoking ``config.begin()`` and ``config.end()`` | |
| 73 | appropriately or using the new context manager feature of the configurator. | |
| 74 | See https://github.com/Pylons/pyramid/pull/2989 | |
| 75 | ||
| 1cf132 | 76 | Bug Fixes |
| BJR | 77 | --------- |
| 45f882 | 78 | |
| 564b63 | 79 | - HTTPException's accepts a detail kwarg that may be used to pass additional |
| BJR | 80 | details to the exception. You may now pass objects so long as they have a |
| 169155 | 81 | valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 |
| MM | 82 | |
| 83 | - Fix a reference cycle causing memory leaks in which the registry | |
| 84 | would keep a ``Configurator`` instance alive even after the configurator | |
| 85 | was discarded. Another fix was also added for the ``global_registries`` | |
| 86 | object in which the registry was stored in a closure preventing it from | |
| 87 | being deallocated. See https://github.com/Pylons/pyramid/pull/2967 | |
| 564b63 | 88 | |
| 38294e | 89 | - Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the |
| MM | 90 | ``--reload`` option in which ``sys.argv`` is always used in the subprocess |
| 91 | instead of the supplied ``argv``. | |
| 92 | See https://github.com/Pylons/pyramid/pull/2962 | |
| 93 | ||
| 1cf132 | 94 | Deprecations |
| BJR | 95 | ------------ |
| cb98a9 | 96 | |
| 2b9b6c | 97 | - Pyramid currently depends on ``plaster_pastedeploy`` to simplify the |
| MM | 98 | transition to ``plaster`` by maintaining integrated support for INI files. |
| 99 | This dependency on ``plaster_pastedeploy`` should be considered subject to | |
| 100 | Pyramid's deprecation policy and is subject to removal in the future. | |
| 101 | Applications should depend on the appropriate plaster binding to satisfy | |
| 102 | their needs. | |
| d2f0fe | 103 | |
| 2b9b6c | 104 | - Retrieving CSRF token from the session has been deprecated in favor of |
| MM | 105 | equivalent methods in the ``pyramid.csrf`` module. The CSRF methods |
| 106 | (``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer | |
| 107 | required on the ``ISession`` interface except when using the default | |
| 108 | ``pyramid.csrf.LegacySessionCSRFStoragePolicy``. | |
| a2c7c7 | 109 | |
| 2b9b6c | 110 | Also, ``pyramid.session.check_csrf_token`` is now located at |
| MM | 111 | ``pyramid.csrf.check_csrf_token``. |
| 112 | ||
| 113 | See https://github.com/Pylons/pyramid/pull/2854 and | |
| 114 | https://github.com/Pylons/pyramid/pull/3019 | |
