forked from Pylons/pyramid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES.txt
191 lines (151 loc) · 8.7 KB
/
CHANGES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
1.9b1 (2017-06-19)
==================
- Add an informative error message when unknown predicates are supplied. The
new message suggests alternatives based on the list of known predicates.
See https://github.com/Pylons/pyramid/pull/3054
- Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and
resulting source files in tutorials.
See https://github.com/Pylons/pyramid/issues/2548
- Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to
use shortcut.
See https://github.com/Pylons/pyramid/issues/3042
- Ensure the correct threadlocals are pushed during view execution when
invoked from ``request.invoke_exception_view``.
See https://github.com/Pylons/pyramid/pull/3060
- Fix a bug in which ``pyramid.security.ALL_PERMISSIONS`` failed to return
a valid iterator in its ``__iter__`` implementation.
See https://github.com/Pylons/pyramid/pull/3074
- Normalize the permission results to a proper class hierarchy.
``pyramid.security.ACLAllowed`` is now a subclass of
``pyramid.security.Allowed`` and ``pyramid.security.ACLDenied`` is now a
subclass of ``pyramid.security.Denied``.
See https://github.com/Pylons/pyramid/pull/3084
- Add a ``quote_via`` argument to ``pyramid.encode.urlencode`` to follow
the stdlib's version and enable custom quoting functions.
See https://github.com/Pylons/pyramid/pull/3088
- Support `_query=None` and `_anchor=None` in ``request.route_url`` as well
as ``query=None`` and ``anchor=None`` in ``request.resource_url``.
Previously this would cause an `?` and a `#`, respectively, in the url
with nothing after it. Now the unnecessary parts are dropped from the
generated URL. See https://github.com/Pylons/pyramid/pull/3034
- Revamp the ``IRouter`` API used by ``IExecutionPolicy`` to force
pushing/popping the request threadlocals. The
``IRouter.make_request(environ)`` API has been replaced by
``IRouter.request_context(environ)`` which should be used as a context
manager. See https://github.com/Pylons/pyramid/pull/3086
1.9a2 (2017-05-09)
==================
Backward Incompatibilities
--------------------------
- ``request.exception`` and ``request.exc_info`` will only be set if the
response was generated by the EXCVIEW tween. This is to avoid any confusion
where a response was generated elsewhere in the pipeline and not in
direct relation to the original exception. If anyone upstream wants to
catch and render responses for exceptions they should set
``request.exception`` and ``request.exc_info`` themselves to indicate
the exception that was squashed when generating the response.
Similar behavior occurs with ``request.invoke_exception_view`` in which
the exception properties are set to reflect the exception if a response
is successfully generated by the method.
This is a very minor incompatibility. Most tweens right now would give
priority to the raised exception and ignore ``request.exception``. This
change just improves and clarifies that bookkeeping by trying to be
more clear about the relationship between the response and its squashed
exception. See https://github.com/Pylons/pyramid/pull/3029 and
https://github.com/Pylons/pyramid/pull/3031
1.9a1 (2017-05-01)
==================
Major Features
--------------
- The file format used by all ``p*`` command line scripts such as ``pserve``
and ``pshell``, as well as the ``pyramid.paster.bootstrap`` function
is now replaceable thanks to a new dependency on
`plaster <https://docs.pylonsproject.org/projects/plaster/en/latest/>`_.
For now, Pyramid is still shipping with integrated support for the
PasteDeploy INI format by depending on the
`plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>`_
binding library. This may change in the future.
See https://github.com/Pylons/pyramid/pull/2985
- Added an execution policy hook to the request pipeline. An execution
policy has the ability to control creation and execution of the request
objects before they enter the rest of the pipeline. This means for a single
request environ the policy may create more than one request object.
The first library to use this feature is
`pyramid_retry
<https://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>`_.
See https://github.com/Pylons/pyramid/pull/2964
- CSRF support has been refactored out of sessions and into its own
independent API in the ``pyramid.csrf`` module. It supports a pluggable
``pyramid.interfaces.ICSRFStoragePolicy`` which can be used to define your
own mechanism for generating and validating CSRF tokens. By default,
Pyramid continues to use the ``pyramid.csrf.LegacySessionCSRFStoragePolicy``
that uses the ``request.session.get_csrf_token`` and
``request.session.new_csrf_token`` APIs under the hood to preserve
compatibility. Two new policies are shipped as well,
``pyramid.csrf.SessionCSRFStoragePolicy`` and
``pyramid.csrf.CookieCSRFStoragePolicy`` which will store the CSRF tokens
in the session and in a standalone cookie, respectively. The storage policy
can be changed by using the new
``pyramid.config.Configurator.set_csrf_storage_policy`` config directive.
CSRF tokens should be used via the new ``pyramid.csrf.get_csrf_token``,
``pyramid.csrf.new_csrf_token`` and ``pyramid.csrf.check_csrf_token`` APIs
in order to continue working if the storage policy is changed. Also, the
``pyramid.csrf.get_csrf_token`` function is injected into templates to be
used conveniently in UI code.
See https://github.com/Pylons/pyramid/pull/2854 and
https://github.com/Pylons/pyramid/pull/3019
Minor Features
--------------
- Support an ``open_url`` config setting in the ``pserve`` section of the
config file. This url is used to open a web browser when ``pserve --browser``
is invoked. When this setting is unavailable the ``pserve`` script will
attempt to guess the port the server is using from the
``server:<server_name>`` section of the config file but there is no
requirement that the server is being run in this format so it may fail.
See https://github.com/Pylons/pyramid/pull/2984
- The ``pyramid.config.Configurator`` can now be used as a context manager
which will automatically push/pop threadlocals (similar to
``config.begin()`` and ``config.end()``). It will also automatically perform
a ``config.commit()`` and thus it is only recommended to be used at the
top-level of your app. See https://github.com/Pylons/pyramid/pull/2874
- The threadlocals are now available inside any function invoked via
``config.include``. This means the only config-time code that cannot rely
on threadlocals is code executed from non-actions inside the main. This
can be alleviated by invoking ``config.begin()`` and ``config.end()``
appropriately or using the new context manager feature of the configurator.
See https://github.com/Pylons/pyramid/pull/2989
Bug Fixes
---------
- HTTPException's accepts a detail kwarg that may be used to pass additional
details to the exception. You may now pass objects so long as they have a
valid __str__ method. See https://github.com/Pylons/pyramid/pull/2951
- Fix a reference cycle causing memory leaks in which the registry
would keep a ``Configurator`` instance alive even after the configurator
was discarded. Another fix was also added for the ``global_registries``
object in which the registry was stored in a closure preventing it from
being deallocated. See https://github.com/Pylons/pyramid/pull/2967
- Fix a bug directly invoking ``pyramid.scripts.pserve.main`` with the
``--reload`` option in which ``sys.argv`` is always used in the subprocess
instead of the supplied ``argv``.
See https://github.com/Pylons/pyramid/pull/2962
Deprecations
------------
- Pyramid currently depends on ``plaster_pastedeploy`` to simplify the
transition to ``plaster`` by maintaining integrated support for INI files.
This dependency on ``plaster_pastedeploy`` should be considered subject to
Pyramid's deprecation policy and may be removed in the future.
Applications should depend on the appropriate plaster binding to satisfy
their needs.
- Retrieving CSRF token from the session has been deprecated in favor of
equivalent methods in the ``pyramid.csrf`` module. The CSRF methods
(``ISession.get_csrf_token`` and ``ISession.new_csrf_token``) are no longer
required on the ``ISession`` interface except when using the default
``pyramid.csrf.LegacySessionCSRFStoragePolicy``.
Also, ``pyramid.session.check_csrf_token`` is now located at
``pyramid.csrf.check_csrf_token``.
See https://github.com/Pylons/pyramid/pull/2854 and
https://github.com/Pylons/pyramid/pull/3019
Documentation Changes
---------------------
- Added the execution policy to the routing diagram in the Request Processing
chapter. See https://github.com/Pylons/pyramid/pull/2993