Skip to content
Commits on Apr 26, 2016
  1. @mmerickel
Commits on Apr 25, 2016
  1. @stevepiercy
Commits on Apr 24, 2016
  1. @stevepiercy

    Allow Sphinx doctests to run and pass with `make doctest SPHINXBUILD=…

    stevepiercy committed Apr 24, 2016
    …$VENV/bin/sphinx-build`.
    
    - TODO: two tests in `docs/narr/hooks.rst`
  2. @stevepiercy

    update bad link

    stevepiercy committed Apr 24, 2016
Commits on Apr 23, 2016
  1. @stevepiercy

    Fix all the stinky linkie rot via `make linkcheck SPHINXBUILD=$VENV/b…

    stevepiercy committed Apr 23, 2016
    …in/sphinx-build`, but don't bother with HISTORY.txt or whatsnew-xx
Commits on Apr 19, 2016
  1. @mmerickel
Commits on Apr 17, 2016
  1. @mcdonc
Commits on Apr 16, 2016
  1. @stevepiercy

    Merge pull request #2507 from stevepiercy/master

    stevepiercy committed Apr 16, 2016
    replace ps1con with doscon for lexer and syntax highlighting
  2. @dstufft

    In addition to CSRF token, verify the origin too

    dstufft committed Apr 15, 2016
    Add an additional layer of protection against CSRF by verifying the actual
    origin of the request in addition to the CSRF token. We only do this check on
    sites hosted behind HTTPS because only HTTPS sites have evidence to show that
    the Referrer header is not being spuriously removed by random middleware
    boxes.
Commits on Apr 15, 2016
  1. @dstufft

    Have Automatic CSRF on all unsafe HTTP methods

    dstufft committed Apr 15, 2016
    Instead of only protecting against unsafe POST requests, have the automatic
    CSRF protect on all methods which are not defined as "safe" by RFC2616.
  2. @dstufft

    Only Accept CSRF Tokens in headers or POST bodies

    dstufft committed Apr 15, 2016
    Previously `check_csrf_token` would allow passing in a CSRF token in through a
    the URL of a request. However this is a security issue because a CSRF token
    must not be allowed to leak, and URLs regularly get copy/pasted or otherwise
    end up leaking to the outside world.
Commits on Apr 13, 2016
  1. @mmerickel
  2. @bertjwregeer
Commits on Apr 12, 2016
  1. @bertjwregeer

    Remove note about -Wd flag

    bertjwregeer committed Apr 10, 2016
    Since we no longer support Python 2.6, it becomes a requirement for all
    our supported Python versions, and thus the note is no longer required.
  2. @bertjwregeer

    Update introduction to testing

    bertjwregeer committed Apr 10, 2016
    It mentions that we use Jenkins, but our Travis is more open, and used
    for all commits, so add a reference to Travis as well. Also, remove
    Python 2.6 reference here.
  3. @bertjwregeer

    Replace Python 2.6 with 2.7

    bertjwregeer committed Apr 10, 2016
  4. @stevepiercy

    - zap easy_install straggler

    stevepiercy committed Apr 12, 2016
  5. @stevepiercy

    one does not simply "create a virtualenv". one should "create a virtu…

    stevepiercy committed Apr 12, 2016
    …al environment".
    
    - Fixes #2483
  6. @stevepiercy

    update testing.rst

    stevepiercy committed Apr 12, 2016
    - replace nose with py.test
    - use pip
    - use literalinclude of MyProject/setup.py instead of copy-pasta
  7. @stevepiercy

    - use an environment variable and venv. See #2468 (comment)

    stevepiercy committed Apr 12, 2016
    - rename stanza from `testing_extras` to `tests_require`
    - switch from nose to pytest
  8. @stevepiercy
  9. @stevepiercy
  10. @stevepiercy
  11. @stevepiercy
  12. @mmerickel
  13. @mmerickel
Commits on Apr 11, 2016
  1. @stevepiercy
  2. @stevepiercy

    - add trailing line ending

    stevepiercy committed Apr 11, 2016
  3. @stevepiercy

    - update narr/project.rst to use pip instead of setup.py

    stevepiercy committed Apr 11, 2016
    - update starter scaffold tests and setup.py (used in `narr/project.rst` and `narr/testing.rst`)
    - update links to documentation
  4. @bertjwregeer

    Update router documentation

    bertjwregeer committed Apr 10, 2016
  5. @mmerickel
  6. @mmerickel
  7. @mmerickel

    rewrite csrf checks to support a global setting to turn it on

    mmerickel committed Apr 10, 2016
    - only check csrf on POST
    - support "pyramid.require_default_csrf" setting
    - support "require_csrf=True" to fallback to the global setting to
      determine the token name
  8. @mmerickel
Commits on Apr 10, 2016
  1. @stevepiercy

    - update installation.rst to use pip, pyvenv, Python 3.4

    stevepiercy committed Apr 10, 2016
    - simplify installation.rst by removing not-Pyramid things (installing Python and requirements for installing packages) while providing official external references
    - update cross-reference in quick_tutorial requirements.rst
    - add glossary entry for pyvenv
Something went wrong with that request. Please try again.