Tags: Web5design/tornado
Tags
What's new in Tornado 2.4.1 =========================== Nov 24, 2012 ------------ Bug fixes ~~~~~~~~~ * Fixed a memory leak in `tornado.stack_context` that was especially likely with long-running ``@gen.engine`` functions. * `tornado.auth.TwitterMixin` now works on Python 3. * Fixed a bug in which `IOStream.read_until_close` with a streaming callback would sometimes pass the last chunk of data to the final callback instead of the streaming callback.
What's new in Tornado 2.4
=========================
Sep 4, 2012
-----------
General
~~~~~~~
* Fixed Python 3 bugs in `tornado.auth`, `tornado.locale`, and `tornado.wsgi`.
HTTP clients
~~~~~~~~~~~~
* Removed ``max_simultaneous_connections`` argument from `tornado.httpclient`
(both implementations). This argument hasn't been useful for some time
(if you were using it you probably want ``max_clients`` instead)
* `tornado.simple_httpclient` now accepts and ignores HTTP 1xx status
responses.
`tornado.ioloop` and `tornado.iostream`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fixed a bug introduced in 2.3 that would cause `IOStream` close callbacks
to not run if there were pending reads.
* Improved error handling in `SSLIOStream` and SSL-enabled `TCPServer`.
* `SSLIOStream.get_ssl_certificate` now has a ``binary_form`` argument
which is passed to ``SSLSocket.getpeercert``.
* `SSLIOStream.write` can now be called while the connection is in progress,
same as non-SSL `IOStream` (but be careful not to send sensitive data until
the connection has completed and the certificate has been verified).
* `IOLoop.add_handler` cannot be called more than once with the same file
descriptor. This was always true for ``epoll``, but now the other
implementations enforce it too.
* On Windows, `TCPServer` uses `SO_EXCLUSIVEADDRUSER` instead of `SO_REUSEADDR`.
`tornado.template`
~~~~~~~~~~~~~~~~~~
* ``{% break %}`` and ``{% continue %}`` can now be used looping constructs
in templates.
* It is no longer an error for an if/else/for/etc block in a template to
have an empty body.
`tornado.testing`
~~~~~~~~~~~~~~~~~
* New class `tornado.testing.AsyncHTTPSTestCase` is like `AsyncHTTPTestCase`.
but enables SSL for the testing server (by default using a self-signed
testing certificate).
* `tornado.testing.main` now accepts additional keyword arguments and forwards
them to `unittest.main`.
`tornado.web`
~~~~~~~~~~~~~
* New method `RequestHandler.get_template_namespace` can be overridden to
add additional variables without modifying keyword arguments to
`render_string`.
* `RequestHandler.add_header` now works with `WSGIApplication`.
* `RequestHandler.get_secure_cookie` now handles a potential error case.
* `RequestHandler.__init__` now calls ``super().__init__`` to ensure that
all constructors are called when multiple inheritance is used.
* Docs have been updated with a description of all available
:py:attr:`Application settings <tornado.web.Application.settings>`
Other modules
~~~~~~~~~~~~~
* `OAuthMixin` now accepts ``"oob"`` as a ``callback_uri``.
* `OpenIDMixin` now also returns the ``claimed_id`` field for the user.
* `tornado.platform.twisted` shutdown sequence is now more compatible.
* The logging configuration used in `tornado.options` is now more tolerant
of non-ascii byte strings.
What's new in Tornado 2.3 ========================= May 31, 2012 ------------ HTTP clients ~~~~~~~~~~~~ * `tornado.httpclient.HTTPClient` now supports the same constructor keyword arguments as `AsyncHTTPClient`. * The ``max_clients`` keyword argument to `AsyncHTTPClient.configure` now works. * `tornado.simple_httpclient` now supports the ``OPTIONS`` and ``PATCH`` HTTP methods. * `tornado.simple_httpclient` is better about closing its sockets instead of leaving them for garbage collection. * `tornado.simple_httpclient` correctly verifies SSL certificates for URLs containing IPv6 literals (This bug affected Python 2.5 and 2.6). * `tornado.simple_httpclient` no longer includes basic auth credentials in the ``Host`` header when those credentials are extracted from the URL. * `tornado.simple_httpclient` no longer modifies the caller-supplied header dictionary, which caused problems when following redirects. * `tornado.curl_httpclient` now supports client SSL certificates (using the same ``client_cert`` and ``client_key`` arguments as `tornado.simple_httpclient`) HTTP Server ~~~~~~~~~~~ * `HTTPServer` now works correctly with paths starting with ``//`` * `HTTPHeaders.copy` (inherited from `dict.copy`) now works correctly. * `HTTPConnection.address` is now always the socket address, even for non-IP sockets. `HTTPRequest.remote_ip` is still always an IP-style address (fake data is used for non-IP sockets) * Extra data at the end of multipart form bodies is now ignored, which fixes a compatibility problem with an iOS HTTP client library. ``IOLoop`` and ``IOStream`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * `IOStream` now has an ``error`` attribute that can be used to determine why a socket was closed. * `tornado.iostream.IOStream.read_until` and ``read_until_regex`` are much faster with large input. * `IOStream.write` performs better when given very large strings. * `IOLoop.instance()` is now thread-safe. ``tornado.options`` ~~~~~~~~~~~~~~~~~~~ * `tornado.options` options with ``multiple=True`` that are set more than once now overwrite rather than append. This makes it possible to override values set in `parse_config_file` with `parse_command_line`. * `tornado.options` ``--help`` output is now prettier. * `tornado.options.options` now supports attribute assignment. ``tornado.template`` ~~~~~~~~~~~~~~~~~~~~ * Template files containing non-ASCII (utf8) characters now work on Python 3 regardless of the locale environment variables. * Templates now support ``else`` clauses in ``try``/``except``/``finally``/``else`` blocks. ``tornado.web`` ~~~~~~~~~~~~~~~ * `tornado.web.RequestHandler` now supports the ``PATCH`` HTTP method. Note that this means any existing methods named ``patch`` in ``RequestHandler`` subclasses will need to be renamed. * `tornado.web.addslash` and ``removeslash`` decorators now send permanent redirects (301) instead of temporary (302). * `RequestHandler.flush` now invokes its callback whether there was any data to flush or not. * Repeated calls to `RequestHandler.set_cookie` with the same name now overwrite the previous cookie instead of producing additional copies. * `tornado.web.OutputTransform.transform_first_chunk` now takes and returns a status code in addition to the headers and chunk. This is a backwards-incompatible change to an interface that was never technically private, but was not included in the documentation and does not appear to have been used outside Tornado itself. * Fixed a bug on python versions before 2.6.5 when `URLSpec` regexes are constructed from unicode strings and keyword arguments are extracted. * The ``reverse_url`` function in the template namespace now comes from the `RequestHandler` rather than the `Application`. (Unless overridden, `RequestHandler.reverse_url` is just an alias for the `Application` method). * The ``Etag`` header is now returned on 304 responses to an ``If-None-Match`` request, improving compatibility with some caches. * `tornado.web` will no longer produce responses with status code 304 that also have entity headers such as ``Content-Length``. Other modules ~~~~~~~~~~~~~ * `tornado.auth.FacebookGraphMixin` no longer sends ``post_args`` redundantly in the url. * The ``extra_params`` argument to `tornado.escape.linkify` may now be a callable, to allow parameters to be chosen separately for each link. * `tornado.gen` no longer leaks `StackContexts` when a ``@gen.engine`` wrapped function is called repeatedly. * `tornado.locale.get_supported_locales` no longer takes a meaningless ``cls`` argument. * `StackContext` instances now have a deactivation callback that can be used to prevent further propagation. * `tornado.testing.AsyncTestCase.wait` now resets its timeout on each call. * `tornado.wsgi.WSGIApplication` now parses arguments correctly on Python 3. * Exception handling on Python 3 has been improved; previously some exceptions such as `UnicodeDecodeError` would generate `TypeErrors`
What's new in Tornado 2.2.1 =========================== Apr 23, 2012 ------------ Security fixes ~~~~~~~~~~~~~~ * `tornado.web.RequestHandler.set_header` now properly sanitizes input values to protect against header injection, response splitting, etc. (it has always attempted to do this, but the check was incorrect). Note that redirects, the most likely source of such bugs, are protected by a separate check in `RequestHandler.redirect`. Bug fixes ~~~~~~~~~ * Colored logging configuration in `tornado.options` is compatible with Python 3.2.3 (and 3.3).
What's new in Tornado 2.2
=========================
Jan 30, 2012
------------
Highlights
~~~~~~~~~~
* Updated and expanded WebSocket support.
* Improved compatibility in the Twisted/Tornado bridge.
* Template errors now generate better stack traces.
* Better exception handling in `tornado.gen`.
Security fixes
~~~~~~~~~~~~~~
* `tornado.simple_httpclient` now disables SSLv2 in all cases. Previously
SSLv2 would be allowed if the Python interpreter was linked against a
pre-1.0 version of OpenSSL.
Backwards-incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* `tornado.process.fork_processes` now raises `SystemExit` if all child
processes exit cleanly rather than returning ``None``. The old behavior
was surprising and inconsistent with most of the documented examples
of this function (which did not check the return value).
* On Python 2.6, `tornado.simple_httpclient` only supports SSLv3. This
is because Python 2.6 does not expose a way to support both SSLv3 and TLSv1
without also supporting the insecure SSLv2.
* `tornado.websocket` no longer supports the older "draft 76" version
of the websocket protocol by default, although this version can
be enabled by overriding `tornado.websocket.WebSocketHandler.allow_draft76`.
``tornado.httpclient``
~~~~~~~~~~~~~~~~~~~~~~
* `SimpleAsyncHTTPClient` no longer hangs on ``HEAD`` requests,
responses with no content, or empty ``POST``/``PUT`` response bodies.
* `SimpleAsyncHTTPClient` now supports 303 and 307 redirect codes.
* `tornado.curl_httpclient` now accepts non-integer timeouts.
* `tornado.curl_httpclient` now supports basic authentication with an
empty password.
``tornado.httpserver``
~~~~~~~~~~~~~~~~~~~~~~
* `HTTPServer` with ``xheaders=True`` will no longer accept
``X-Real-IP`` headers that don't look like valid IP addresses.
* `HTTPServer` now treats the ``Connection`` request header as
case-insensitive.
``tornado.ioloop`` and ``tornado.iostream``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* `IOStream.write` now works correctly when given an empty string.
* `IOStream.read_until` (and ``read_until_regex``) now perform better
when there is a lot of buffered data, which improves peformance of
`SimpleAsyncHTTPClient` when downloading files with lots of
chunks.
* `SSLIOStream` now works correctly when ``ssl_version`` is set to
a value other than ``SSLv23``.
* Idle ``IOLoops`` no longer wake up several times a second.
* `tornado.ioloop.PeriodicCallback` no longer triggers duplicate callbacks
when stopped and started repeatedly.
``tornado.template``
~~~~~~~~~~~~~~~~~~~~
* Exceptions in template code will now show better stack traces that
reference lines from the original template file.
* ``{#`` and ``#}`` can now be used for comments (and unlike the old
``{% comment %}`` directive, these can wrap other template directives).
* Template directives may now span multiple lines.
``tornado.web``
~~~~~~~~~~~~~~~
* Now behaves better when given malformed ``Cookie`` headers
* `RequestHandler.redirect` now has a ``status`` argument to send
status codes other than 301 and 302.
* New method `RequestHandler.on_finish` may be overridden for post-request
processing (as a counterpart to `RequestHandler.prepare`)
* `StaticFileHandler` now outputs ``Content-Length`` and ``Etag`` headers
on ``HEAD`` requests.
* `StaticFileHandler` now has overridable ``get_version`` and
``parse_url_path`` methods for use in subclasses.
* `RequestHandler.static_url` now takes an ``include_host`` parameter
(in addition to the old support for the `RequestHandler.include_host`
attribute).
``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~
* Updated to support the latest version of the protocol, as finalized
in RFC 6455.
* Many bugs were fixed in all supported protocol versions.
* `tornado.websocket` no longer supports the older "draft 76" version
of the websocket protocol by default, although this version can
be enabled by overriding `tornado.websocket.WebSocketHandler.allow_draft76`.
* `WebSocketHandler.write_message` now accepts a ``binary`` argument
to send binary messages.
* Subprotocols (i.e. the ``Sec-WebSocket-Protocol`` header) are now supported;
see the `WebSocketHandler.select_subprotocol` method for details.
* `WebSocketHandler.get_websocket_scheme` can be used to select the
appropriate url scheme (``ws://`` or ``wss://``) in cases where
`HTTPRequest.protocol` is not set correctly.
Other modules
~~~~~~~~~~~~~
* `tornado.auth.TwitterMixin.authenticate_redirect` now takes a
``callback_uri`` parameter.
* `tornado.auth.TwitterMixin.twitter_request` now accepts both URLs and
partial paths (complete URLs are useful for the search API which follows
different patterns).
* Exception handling in `tornado.gen` has been improved. It is now possible
to catch exceptions thrown by a ``Task``.
* `tornado.netutil.bind_sockets` now works when ``getaddrinfo`` returns
duplicate addresses.
* `tornado.platform.twisted` compatibility has been significantly improved.
Twisted version 11.1.0 is now supported in addition to 11.0.0.
* `tornado.process.fork_processes` correctly reseeds the `random` module
even when `os.urandom` is not implemented.
* `tornado.testing.main` supports a new flag ``--exception_on_interrupt``,
which can be set to false to make ``Ctrl-C`` kill the process more
reliably (at the expense of stack traces when it does so).
* `tornado.version_info` is now a four-tuple so official releases can be
distinguished from development branches.
What's new in Tornado 2.1.1 =========================== Oct 4, 2011 ----------- Bug fixes ~~~~~~~~~ * Fixed handling of closed connections with the ``epoll`` (i.e. Linux) ``IOLoop``. Previously, closed connections could be shut down too early, which most often manifested as "Stream is closed" exceptions in ``SimpleAsyncHTTPClient``. * Fixed a case in which chunked responses could be closed prematurely, leading to truncated output. * ``IOStream.connect`` now reports errors more consistently via logging and the close callback (this affects e.g. connections to localhost on FreeBSD). * ``IOStream.read_bytes`` again accepts both ``int`` and ``long`` arguments. * ``PeriodicCallback`` no longer runs repeatedly when ``IOLoop`` iterations complete faster than the resolution of ``time.time()`` (mainly a problem on Windows). Backwards-compatibility note ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Listening for ``IOLoop.ERROR`` alone is no longer sufficient for detecting closed connections on an otherwise unused socket. ``IOLoop.ERROR`` must always be used in combination with ``READ`` or ``WRITE``.
What's new in Tornado 2.1
=========================
Sep 20, 2011
------------
Backwards-incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Support for secure cookies written by pre-1.0 releases of Tornado has
been removed. The `RequestHandler.get_secure_cookie` method no longer
takes an ``include_name`` parameter.
* The ``debug`` application setting now causes stack traces to be displayed
in the browser on uncaught exceptions. Since this may leak sensitive
information, debug mode is not recommended for public-facing servers.
Security fixes
~~~~~~~~~~~~~~
* Diginotar has been removed from the default CA certificates file used
by `SimpleAsyncHTTPClient`.
New modules
~~~~~~~~~~~
* `tornado.gen`: A generator-based interface to simplify writing
asynchronous functions.
* `tornado.netutil`: Parts of `tornado.httpserver` have been extracted into
a new module for use with non-HTTP protocols.
* `tornado.platform.twisted`: A bridge between the Tornado IOLoop and the
Twisted Reactor, allowing code written for Twisted to be run on Tornado.
* `tornado.process`: Multi-process mode has been improved, and can now restart
crashed child processes. A new entry point has been added at
`tornado.process.fork_processes`, although
`tornado.httpserver.HTTPServer.start` is still supported.
``tornado.web``
~~~~~~~~~~~~~~~
* `tornado.web.RequestHandler.write_error` replaces ``get_error_html`` as the
preferred way to generate custom error pages (``get_error_html`` is still
supported, but deprecated)
* In `tornado.web.Application`, handlers may be specified by
(fully-qualified) name instead of importing and passing the class object
itself.
* It is now possible to use a custom subclass of ``StaticFileHandler``
with the ``static_handler_class`` application setting, and this subclass
can override the behavior of the ``static_url`` method.
* `~tornado.web.StaticFileHandler` subclasses can now override
``get_cache_time`` to customize cache control behavior.
* `tornado.web.RequestHandler.get_secure_cookie` now has a ``max_age_days``
parameter to allow applications to override the default one-month expiration.
* `~tornado.web.RequestHandler.set_cookie` now accepts a ``max_age`` keyword
argument to set the ``max-age`` cookie attribute (note underscore vs dash)
* `tornado.web.RequestHandler.set_default_headers` may be overridden to set
headers in a way that does not get reset during error handling.
* `RequestHandler.add_header` can now be used to set a header that can
appear multiple times in the response.
* `RequestHandler.flush` can now take a callback for flow control.
* The ``application/json`` content type can now be gzipped.
* The cookie-signing functions are now accessible as static functions
`tornado.web.create_signed_value` and `tornado.web.decode_signed_value`.
``tornado.httpserver``
~~~~~~~~~~~~~~~~~~~~~~
* To facilitate some advanced multi-process scenarios, ``HTTPServer``
has a new method ``add_sockets``, and socket-opening code is
available separately as `tornado.netutil.bind_sockets`.
* The ``cookies`` property is now available on `tornado.httpserver.HTTPRequest`
(it is also available in its old location as a property of
`~tornado.web.RequestHandler`)
* `tornado.httpserver.HTTPServer.bind` now takes a backlog argument with the
same meaning as ``socket.listen``.
* `~tornado.httpserver.HTTPServer` can now be run on a unix socket as well
as TCP.
* Fixed exception at startup when ``socket.AI_ADDRCONFIG`` is not available,
as on Windows XP
``IOLoop`` and ``IOStream``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* `~tornado.iostream.IOStream` performance has been improved, especially for
small synchronous requests.
* New methods `tornado.iostream.IOStream.read_until_close` and
`tornado.iostream.IOStream.read_until_regex`.
* `IOStream.read_bytes` and `IOStream.read_until_close` now take a
``streaming_callback`` argument to return data as it is received rather
than all at once.
* `IOLoop.add_timeout` now accepts `datetime.timedelta` objects in addition
to absolute timestamps.
* `~tornado.ioloop.PeriodicCallback` now sticks to the specified period
instead of creeping later due to accumulated errors.
* `tornado.ioloop.IOLoop` and `tornado.httpclient.HTTPClient` now have
``close()`` methods that should be used in applications that create
and destroy many of these objects.
* `IOLoop.install` can now be used to use a custom subclass of IOLoop
as the singleton without monkey-patching.
* `~tornado.iostream.IOStream` should now always call the close callback
instead of the connect callback on a connection error.
* The `IOStream` close callback will no longer be called while there
are pending read callbacks that can be satisfied with buffered data.
``tornado.simple_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Now supports client SSL certificates with the ``client_key`` and
``client_cert`` parameters to `tornado.httpclient.HTTPRequest`
* Now takes a maximum buffer size, to allow reading files larger than 100MB
* Now works with HTTP 1.0 servers that don't send a Content-Length header
* The ``allow_nonstandard_methods`` flag on HTTP client requests now
permits methods other than ``POST`` and ``PUT`` to contain bodies.
* Fixed file descriptor leaks and multiple callback invocations in
`SimpleAsyncHTTPClient`
* No longer consumes extra connection resources when following redirects.
* Now works with buggy web servers that separate headers with ``\n`` instead
of ``\r\n\r\n``.
* Now sets ``response.request_time`` correctly.
* Connect timeouts now work correctly.
Other modules
~~~~~~~~~~~~~
* `tornado.auth.OpenIDMixin` now uses the correct realm when the
callback URI is on a different domain.
* `tornado.autoreload` has a new command-line interface which can be used
to wrap any script. This replaces the ``--autoreload`` argument to
`tornado.testing.main` and is more robust against syntax errors.
* `tornado.autoreload.watch` can be used to watch files other than
the sources of imported modules.
* `tornado.database.Connection` has new variants of ``execute`` and
``executemany`` that return the number of rows affected instead of
the last inserted row id.
* `tornado.locale.load_translations` now accepts any properly-formatted
locale name, not just those in the predefined ``LOCALE_NAMES`` list.
* `tornado.options.define` now takes a ``group`` parameter to group options
in ``--help`` output.
* Template loaders now take a ``namespace`` constructor argument to add
entries to the template namespace.
* `tornado.websocket` now supports the latest ("hybi-10") version of the
protocol (the old version, "hixie-76" is still supported; the correct
version is detected automatically).
* `tornado.websocket` now works on Python 3
Bug fixes
~~~~~~~~~
* Windows support has been improved. Windows is still not an officially
supported platform, but the test suite now passes and
`tornado.autoreload` works.
* Uploading files whose names contain special characters will now work.
* Cookie values containing special characters are now properly quoted
and unquoted.
* Multi-line headers are now supported.
* Repeated Content-Length headers (which may be added by certain proxies)
are now supported in `HTTPServer`.
* Unicode string literals now work in template expressions.
* The template ``{% module %}`` directive now works even if applications
use a template variable named ``modules``.
* Requests with "Expect: 100-continue" now work on python 3
Major changes:
* Template output is automatically escaped by default; see backwards
compatibility note below.
* The default AsyncHTTPClient implementation is now simple_httpclient.
* Python 3.2 is now supported.
Backwards compatibility:
* Template autoescaping is enabled by default. Applications upgrading from
a previous release of Tornado must either disable autoescaping or adapt
their templates to work with it. For most applications, the simplest
way to do this is to pass autoescape=None to the Application constructor.
* Applications that wish to continue using curl_httpclient instead of
simple_httpclient may do so by calling
AsyncHTTPClient.configure("tornado.curl_httpclient.CurlAsyncHTTPClient")
at the beginning of the process. Users of Python 2.5 will probably want
to use curl_httpclient as simple_httpclient only supports ssl on Python 2.6+.
* Python 3 compatibility involved many changes throughout the codebase,
so users are encouraged to test their applications more thoroughly than
usual when upgrading to this release.
Other changes in this release:
* Templates support several new directives:
- {% autoescape ...%} to control escaping behavior
- {% raw ... %} for unescaped output
- {% module ... %} for calling UIModules
* {% module Template(path, **kwargs) %} may now be used to call another
template with an independent namespace
* All IOStream callbacks are now run directly on the IOLoop via add_callback.
* HTTPServer now supports IPv6 where available. To disable, pass
family=socket.AF_INET to HTTPServer.bind().
* HTTPClient now supports IPv6, configurable via allow_ipv6=bool on the
HTTPRequest. allow_ipv6 defaults to false on simple_httpclient and true
on curl_httpclient.
* RequestHandlers can use an encoding other than utf-8 for query parameters
by overriding decode_argument()
* Performance improvements, especially for applications that use a lot of
IOLoop timeouts
* HTTP OPTIONS method no longer requires an XSRF token.
* JSON output (RequestHandler.write(dict)) now sets Content-Type to
application/json
* Etag computation can now be customized or disabled by overriding
RequestHandler.compute_etag
* USE_SIMPLE_HTTPCLIENT environment variable is no longer supported.
Use AsyncHTTPClient.configure instead.
We are pleased to announce the release of Tornado 1.2.1, available from http://github.com/downloads/facebook/tornado/tornado-1.2.1.tar.gz This release contains only two small changes relative to version 1.2: * FacebookGraphMixin has been updated to work with a recent change to the Facebook API. * Running "setup.py install" will no longer attempt to automatically install pycurl. This wasn't working well on platforms where the best way to install pycurl is via something like apt-get instead of easy_install. This is an important upgrade if you are using FacebookGraphMixin, but otherwise it can be safely ignored. -Ben
We are pleased to announce the release of Tornado 1.2, available from http://github.com/downloads/facebook/tornado/tornado-1.2.tar.gz Backwards compatibility notes: * This release includes the backwards-incompatible security change from version 1.1.1. Users upgrading from 1.1 or earlier should read the release notes from that release: http://groups.google.com/group/python-tornado/browse_thread/thread/b36191c781580cde * StackContexts that do something other than catch exceptions may need to be modified to be reentrant. tornadoweb@7a7e241 * When XSRF tokens are used, the token must also be present on PUT and DELETE requests (anything but GET and HEAD) New features: * A new HTTP client implementation is available in the module tornado.simple_httpclient. This HTTP client does not depend on pycurl. It has not yet been tested extensively in production, but is intended to eventually replace the pycurl-based HTTP client in a future release of Tornado. To transparently replace tornado.httpclient.AsyncHTTPClient with this new implementation, you can set the environment variable USE_SIMPLE_HTTPCLIENT=1 (note that the next release of Tornado will likely include a different way to select HTTP client implementations) * Request logging is now done by the Application rather than the RequestHandler. Logging behavior may be customized by either overriding Application.log_request in a subclass or by passing log_function as an Application setting * Application.listen(port): Convenience method as an alternative to explicitly creating an HTTPServer * tornado.escape.linkify(): Wrap urls in <a> tags * RequestHandler.create_signed_value(): Create signatures like the secure_cookie methods without setting cookies. * tornado.testing.get_unused_port(): Returns a port selected in the same way as inAsyncHTTPTestCase * AsyncHTTPTestCase.fetch(): Convenience method for synchronous fetches * IOLoop.set_blocking_signal_threshold(): Set a callback to be run when the IOLoop is blocked. * IOStream.connect(): Asynchronously connect a client socket * AsyncHTTPClient.handle_callback_exception(): May be overridden in subclass for custom error handling * httpclient.HTTPRequest has two new keyword arguments, validate_cert and ca_certs. Setting validate_cert=False will disable all certificate checks when fetching https urls. ca_certs may be set to a filename containing trusted certificate authorities (defaults will be used if this is unspecified) * HTTPRequest.get_ssl_certificate(): Returns the client's SSL certificate (if client certificates were requested in the server's ssl_options * StaticFileHandler can be configured to return a default file (e.g. index.html) when a directory is requested * Template directives of the form "{% from x import y %}" are now supported (in addition to the existing support for "{% import x %}" * FacebookGraphMixin.get_authenticated_user now accepts a new parameter 'extra_fields' which may be used to request additional information about the user Bug fixes: * auth: Fixed KeyError with Facebook offline_access * auth: Uses request.uri instead of request.path as the default redirect so that parameters are preserved. * escape: xhtml_escape() now returns a unicode string, not utf8-encoded bytes * ioloop: Callbacks added with add_callback are now run in the order they were added * ioloop: PeriodicCallback.stop can now be called from inside the callback. * iostream: Fixed several bugs in SSLIOStream * iostream: Detect when the other side has closed the connection even with the select()-based IOLoop * iostream: read_bytes(0) now works as expected * iostream: Fixed bug when writing large amounts of data on windows * iostream: Fixed infinite loop that could occur with unhandled exceptions * httpclient: Fix bugs when some requests use proxies and others don't * httpserver: HTTPRequest.protocol is now set correctly when using the built-in SSL support * httpserver: When using multiple processes, the standard library's random number generator is re-seeded in each child process * httpserver: With xheaders enabled, X-Forwarded-Proto is supported as an alternative to X-Scheme * httpserver: Fixed bugs in multipart/form-data parsing * locale: format_date() now behaves sanely with dates in the future * locale: Updates to the language list * stack_context: Fixed bug with contexts leaking through reused IOStreams * stack_context: Simplified semantics and improved performance * web: The order of css_files from UIModules is now preserved * web: Fixed error with default_host redirect * web: StaticFileHandler works when os.path.sep != '/' (i.e. on Windows) * web: Fixed a caching-related bug in StaticFileHandler when a file's timestamp has changed but its contents have not. * web: Fixed bugs with HEAD requests and e.g. Etag headers * web: Fix bugs when different handlers have different static_paths * web: @removeslash will no longer cause a redirect loop when applied to the root path * websocket: Now works over SSL * websocket: Improved compatibility with proxies Many thanks to everyone who contributed patches, bug reports, and feedback that went into this release! -Ben
PreviousNext