commit | author | age
|
b38bbf
|
1 |
unreleased |
MM |
2 |
========== |
bdb8e0
|
3 |
|
fa8a9d
|
4 |
Major Features |
MM |
5 |
-------------- |
|
6 |
|
|
7 |
- The file format used by all ``p*`` command line scripts such as ``pserve`` |
|
8 |
and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function |
|
9 |
is now replaceable thanks to a new dependency on |
f454b8
|
10 |
`plaster <http://docs.pylonsproject.org/projects/plaster/en/latest/>`_. |
fa8a9d
|
11 |
|
MM |
12 |
For now, Pyramid is still shipping with integrated support for the |
|
13 |
PasteDeploy INI format by depending on the ``plaster_pastedeploy`` binding. |
6419a3
|
14 |
This may change in the future. |
fa8a9d
|
15 |
|
MM |
16 |
See https://github.com/Pylons/pyramid/pull/2985 |
5f4649
|
17 |
|
4c3971
|
18 |
- Added an execution policy hook to the request pipeline. An execution |
MM |
19 |
policy has the ability to control creation and execution of the request |
f454b8
|
20 |
objects before they enter the rest of the pipeline. This means for a single |
fa8a9d
|
21 |
request environ the policy may create more than one request object. |
MM |
22 |
|
|
23 |
The first library to use this feature is |
|
24 |
`pyramid_retry |
f454b8
|
25 |
<http://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_. |
fa8a9d
|
26 |
|
MM |
27 |
See https://github.com/Pylons/pyramid/pull/2964 |
|
28 |
|
6419a3
|
29 |
- CSRF support has been refactored out of sessions and into its own |
MM |
30 |
independent API in the ``pyramid.csrf`` module. It supports a pluggable |
|
31 |
``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your |
|
32 |
own mechanism for generating and validating CSRF tokens. By default, |
|
33 |
Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy`` |
|
34 |
that uses the ``request.session.get_csrf_token`` and |
|
35 |
``request.session.new_csrf_token`` APIs under the hood to preserve |
|
36 |
compatibility. Two new policies are shipped as well, |
|
37 |
``pyramid.csrf.SessionCSRFStoragePolicy`` and |
|
38 |
``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens |
|
39 |
in the session and in a standalone cookie, respectively. The storage policy |
|
40 |
can be changed by using the new |
|
41 |
``pyramid.config.Configurator.set_csrf_storage_policy`` config directive. |
|
42 |
|
|
43 |
CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``, |
|
44 |
``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs |
|
45 |
in order to continue working if the storage policy is changed. Also, the |
|
46 |
``pyramid.csrf.get_csrf_token`` function is injected into templates to be |
|
47 |
used conveniently in UI code. |
|
48 |
|
682a9b
|
49 |
See https://github.com/Pylons/pyramid/pull/2854 and |
MM |
50 |
https://github.com/Pylons/pyramid/pull/3019 |
a2c7c7
|
51 |
|
2b9b6c
|
52 |
Minor Features |
MM |
53 |
-------------- |
9028c9
|
54 |
|
MM |
55 |
- Support an ``open_url`` config setting in the ``pserve`` section of the |
|
56 |
config file. This url is used to open a web browser when ``pserve --browser`` |
|
57 |
is invoked. When this setting is unavailable the ``pserve`` script will |
|
58 |
attempt to guess the port the server is using from the |
|
59 |
``server:<server_name>`` section of the config file but there is no |
|
60 |
requirement that the server is being run in this format so it may fail. |
|
61 |
See https://github.com/Pylons/pyramid/pull/2984 |
|
62 |
|
87af11
|
63 |
- The ``pyramid.config.Configurator`` can now be used as a context manager |
MM |
64 |
which will automatically push/pop threadlocals (similar to |
|
65 |
``config.begin()`` and ``config.end()``). It will also automatically perform |
|
66 |
a ``config.commit()`` and thus it is only recommended to be used at the |
|
67 |
top-level of your app. See https://github.com/Pylons/pyramid/pull/2874 |
a2c7c7
|
68 |
|
847fb7
|
69 |
- The threadlocals are now available inside any function invoked via |
MM |
70 |
``config.include``. This means the only config-time code that cannot rely |
|
71 |
on threadlocals is code executed from non-actions inside the main. This |
|
72 |
can be alleviated by invoking ``config.begin()`` and ``config.end()`` |
|
73 |
appropriately or using the new context manager feature of the configurator. |
|
74 |
See https://github.com/Pylons/pyramid/pull/2989 |
|
75 |
|
1cf132
|
76 |
Bug Fixes |
BJR |
77 |
--------- |
45f882
|
78 |
|
564b63
|
79 |
- HTTPException's accepts a detail kwarg that may be used to pass additional |
BJR |
80 |
details to the exception. You may now pass objects so long as they have a |
169155
|
81 |
valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 |
MM |
82 |
|
|
83 |
- Fix a reference cycle causing memory leaks in which the registry |
|
84 |
would keep a ``Configurator`` instance alive even after the configurator |
|
85 |
was discarded. Another fix was also added for the ``global_registries`` |
|
86 |
object in which the registry was stored in a closure preventing it from |
|
87 |
being deallocated. See https://github.com/Pylons/pyramid/pull/2967 |
564b63
|
88 |
|
38294e
|
89 |
- Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the |
MM |
90 |
``--reload`` option in which ``sys.argv`` is always used in the subprocess |
|
91 |
instead of the supplied ``argv``. |
|
92 |
See https://github.com/Pylons/pyramid/pull/2962 |
|
93 |
|
1cf132
|
94 |
Deprecations |
BJR |
95 |
------------ |
cb98a9
|
96 |
|
2b9b6c
|
97 |
- Pyramid currently depends on ``plaster_pastedeploy`` to simplify the |
MM |
98 |
transition to ``plaster`` by maintaining integrated support for INI files. |
|
99 |
This dependency on ``plaster_pastedeploy`` should be considered subject to |
|
100 |
Pyramid's deprecation policy and is subject to removal in the future. |
|
101 |
Applications should depend on the appropriate plaster binding to satisfy |
|
102 |
their needs. |
d2f0fe
|
103 |
|
2b9b6c
|
104 |
- Retrieving CSRF token from the session has been deprecated in favor of |
MM |
105 |
equivalent methods in the ``pyramid.csrf`` module. The CSRF methods |
|
106 |
(``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer |
|
107 |
required on the ``ISession`` interface except when using the default |
|
108 |
``pyramid.csrf.LegacySessionCSRFStoragePolicy``. |
a2c7c7
|
109 |
|
2b9b6c
|
110 |
Also, ``pyramid.session.check_csrf_token`` is now located at |
MM |
111 |
``pyramid.csrf.check_csrf_token``. |
|
112 |
|
|
113 |
See https://github.com/Pylons/pyramid/pull/2854 and |
|
114 |
https://github.com/Pylons/pyramid/pull/3019 |