unreleased ========== Features -------- - Added an execution policy hook to the request pipeline. An execution policy has the ability to control creation and execution of the request objects before they enter rest of the pipeline. This means for a given request that the policy may create more than one request for retry purposes. See https://github.com/Pylons/pyramid/pull/2964 - Support an ``open_url`` config setting in the ``pserve`` section of the config file. This url is used to open a web browser when ``pserve --browser`` is invoked. When this setting is unavailable the ``pserve`` script will attempt to guess the port the server is using from the ``server:`` section of the config file but there is no requirement that the server is being run in this format so it may fail. See https://github.com/Pylons/pyramid/pull/2984 - The threadlocals are now available inside any function invoked via ``config.include``. This means the only config-time code that cannot rely on threadlocals is code executed from non-actions inside the main. This can be alleviated by invoking ``config.begin()`` and ``config.end()`` appropriately. See https://github.com/Pylons/pyramid/pull/2989 - A new CSRF implementation, ``pyramid.csrf.SessionCSRFStoragePolicy``, has been added which delegates all CSRF generation to the current session, following the old API for this. A ``pyramid.csrf.get_csrf_token()`` api is now available in template global scope, to make it easy for template developers to get the current CSRF token without adding it to Python code. See https://github.com/Pylons/pyramid/pull/2854 and https://github.com/Pylons/pyramid/pull/3019 Bug Fixes --------- - HTTPException's accepts a detail kwarg that may be used to pass additional details to the exception. You may now pass objects so long as they have a valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951 - Fix a reference cycle causing memory leaks in which the registry would keep a ``Configurator`` instance alive even after the configurator was discarded. Another fix was also added for the ``global_registries`` object in which the registry was stored in a closure preventing it from being deallocated. See https://github.com/Pylons/pyramid/pull/2967 - Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the ``--reload`` option in which ``sys.argv`` is always used in the subprocess instead of the supplied ``argv``. See https://github.com/Pylons/pyramid/pull/2962 Deprecations ------------ Backward Incompatibilities -------------------------- Documentation Changes --------------------- - Retrieving CSRF token from the session has been deprecated, in favor of equivalent methods in :mod:`pyramid.csrf`. See https://github.com/Pylons/pyramid/pull/2854