Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keep around original serializer #127

merged 2 commits into from Dec 13, 2013

Keep around original serializer #127

merged 2 commits into from Dec 13, 2013


Copy link

We need to keep around the original serializer so that when we bind() and re-create the SignedCookieProfile we can use that to pass into the initializer.

@mcdonc mcdonc merged commit 897ef41 into Pylons:master Dec 13, 2013
Copy link

mcdonc commented Dec 13, 2013

Thanks! Merged.

@digitalresistor digitalresistor deleted the bugfix.keep-original-serializer branch December 13, 2013 17:01
mamash pushed a commit to TritonDataCenter/pkgsrc-wip that referenced this pull request Aug 20, 2014
1.4 (2013-05-14)


- Remove ``webob.__version__``, the version number had not been kept in sync
  with the official pkg version.  To obtain the WebOb version number, use
  ``pkg_resources.get_distribution('webob').version`` instead.

Bug Fixes

- Fix a bug in ``EmptyResponse`` that prevents it from setting self.close as
  appropriate due to testing truthiness of object rather than if it is
  something other than ``None``.

- Fix a bug in ``SignedSerializer`` preventing secrets from containing
  higher-order characters. See Pylons/webob#136

- Use the ``hmac.compare_digest`` method when available for constant-time

1.3.1 (2013-12-13)

Bug Fixes

- Fix a bug in ``SignedCookieProfile`` whereby we didn't keep the original
  serializer around, this would cause us to have ``SignedSerializer`` be added on
  top of a ``SignedSerializer`` which would cause it to be run twice when
  attempting to verify a cookie.  See Pylons/webob#127

Backwards Incompatibilities

- When ``CookieProfile.get_value`` and ``SignedCookieProfile.get_value`` fails
  to deserialize a badly encoded value, we now return ``None`` as if the cookie
  was never set in the first place instead of allowing a ``ValueError`` to be
  raised to the calling code.  See Pylons/webob#126

1.3 (2013-12-10)


- Added a read-only ``domain`` property to ``BaseRequest``.  This property
  returns the domain portion of the host value.  For example, if the
  environment contains an ``HTTP_HOST`` value of ````,
  ``request.domain`` will return ````.

- Added five new APIs: ``webob.cookies.CookieProfile``,
  ``webob.cookies.SignedCookieProfile``, ``webob.cookies.JSONSerializer`` and
  ``webob.cookies.SignedSerializer``, and ``webob.cookies.make_cookie``.  These
  APIs are convenience APIs for generating and parsing cookie headers as well
  as dealing with signing cookies.

- Cookies generated via webob.cookies quoted characters in cookie values that
  did not need to be quoted per RFC 6265.  The following characters are no
  longer quoted in cookie values: ``~/=<>()[]{}?@`` .  The full set of
  non-letter-or-digit unquoted cookie value characters is now
  ``!#$%&'*+-.^_`|~/: =<>()[]{}?@``.  See for more information.

- Cookie names are now restricted to the set of characters expected by RFC
  6265.  Previously they could contain unsupported characters such as ``/``.

- Older versions of Webob escaped the doublequote to ``\"`` and the backslash
  to ``\\`` when quoting cookie values.  Now, instead, cookie serialization
  generates ``\042`` for the doublequote and ``\134`` for the backslash. This
  is what is expected as per RFC 6265.  Note that old cookie values that do
  have the older style quoting in them will still be unquoted correctly,

- Added support for draft status code 451 ("Unavailable for Legal Reasons").

- Added status codes 428, 429, 431 and 511 to ``util.status_reasons`` (they
  were already present in a previous release as ``webob.exc`` exceptions).

Bug Fixes

- MIMEAccept happily parsed malformed wildcard strings like "image/pn*" at
  parse time, but then threw an AssertionError during matching.  See
  Pylons/webob#83 .

- Preserve document ordering of GET and POST request data when POST data passed
  to Request.blank is a MultiDict.  See Pylons/webob#96

- Allow query strings attached to PATCH requests to populate request.params.
  See Pylons/webob#106

- Added Python 3.3 trove classifier.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

2 participants