…n(). The examples given do not work in the 1.1.1 release. This change should be reverted when 1.2 is released and the new examples work.
This is a backwards-incompatible change. Applications that previously relied on a blanket exception for XMLHTTPRequest may need to be modified to explicitly include the XSRF token when making ajax requests. The tornado chat demo application demonstrates one way of adding this token (specifically the function postJSON in demos/chat/static/chat.js). More information about this change and its justification can be found at http://www.djangoproject.com/weblog/2011/feb/08/security/ http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails Closes #214.
…n-SSL request. Prompted by issue #211.
Logging can now be configured with either a subclass or setting of Application. This replaces the previous method of overriding a private method of RequestHandler, which was difficult to do for built-in handlers (StaticFileHandler and RedirectHandler).
…ncate(). But, per http://stackoverflow.com/questions/4330812/how-do-i-clear-a-stringio-object discussion, creating new StringIO() is cheaper.
and allows the same callback object to be reused. A set was originally used to support remove_callback(), but that method was removed in the 1.1 release.
The logging module checks to see if the value passed for exc_info is a tuple, and if so assumes it contains (type, value, traceback). A bug in python 2.5 and 2.6 causes context manager's __exit__ methods to sometimes receive a tuple instead of an exception object, which causes a nonsensical message to be logged.
_handle_request_exception is a private method, but since I've endorsed overriding it on the mailing list preserve backwards compatibility by re-raising the exception so it appears in sys.exc_info(). Closes #199.
for consistency with normal handler construction (and compatibility with the initialize() changes from a couple of commits ago). Closes #194.
…ses. This is a slight simplification and makes it easier to create further application-specific subclasses. Closes #191.
This decorator has over 5x the overhead of a hand-written class with __enter__ and __exit__ methods.