Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on Feb 10, 2011
  1. Fix typo in comments

    authored
  2. Fix typo

    authored
  3. @bdarnell
  4. @bdarnell

    Undo documentation changes from the introduction of Application.liste…

    bdarnell authored
    …n().
    
    The examples given do not work in the 1.1.1 release.  This change should be
    reverted when 1.2 is released and the new examples work.
Commits on Feb 9, 2011
  1. @bdarnell

    Merge commit 'v1.1.1'

    bdarnell authored
    Conflicts:
    	setup.py
  2. @bdarnell

    Tag release 1.1.1

    bdarnell authored
  3. @bdarnell

    BACKWARDS-INCOMPATIBLE: Fix XSRF security vulnerability.

    bdarnell authored
    This is a backwards-incompatible change.  Applications that previously
    relied on a blanket exception for XMLHTTPRequest may need to be modified
    to explicitly include the XSRF token when making ajax requests.
    
    The tornado chat demo application demonstrates one way of adding this
    token (specifically the function postJSON in demos/chat/static/chat.js).
    
    More information about this change and its justification can be found at
    http://www.djangoproject.com/weblog/2011/feb/08/security/
    http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
    
    Closes #214.
Commits on Feb 7, 2011
  1. @bdarnell

    Fix error in docstring.

    bdarnell authored
    Closes #209.
  2. @bdarnell

    Add a test to verify reasonable behavior when HTTPS server is sent no…

    bdarnell authored
    …n-SSL request.
    
    Prompted by issue #211.
Commits on Jan 25, 2011
  1. @bdarnell
  2. @bdarnell

    Update example in XSRF section.

    bdarnell authored
    Login forms don't actually need XSRF protection, so use a message-posting
    form instead.
Commits on Jan 21, 2011
  1. @bdarnell

    Move request logging from RequestHandler to Application.

    bdarnell authored
    Logging can now be configured with either a subclass or setting of
    Application.  This replaces the previous method of overriding a private
    method of RequestHandler, which was difficult to do for built-in handlers
    (StaticFileHandler and RedirectHandler).
  2. @bdarnell
Commits on Jan 20, 2011
  1. @bdarnell
  2. @bdarnell
Commits on Jan 19, 2011
  1. Added missing attribute "stream" in call to getpeercert() in HTTPRequ…

    rickard.bottcher authored
    …est.get_ssl_certificate().
Commits on Jan 13, 2011
  1. @bdarnell
  2. @bdarnell
Commits on Jan 12, 2011
  1. @bdarnell
Commits on Jan 10, 2011
  1. reset() only set current position back to 0. What we want here is tru…

    Didip Kerabat authored
    …ncate().
    
    But, per http://stackoverflow.com/questions/4330812/how-do-i-clear-a-stringio-object discussion, creating new StringIO() is cheaper.
  2. Further optimization by using tell() and reset()

    Didip Kerabat authored
  3. use cStringIO on _read_buffer and _write_buffer

    Didip Kerabat authored
Commits on Jan 6, 2011
  1. @bdarnell

    Use a list instead of a set for IOLoop callbacks. This preserves order

    bdarnell authored
    and allows the same callback object to be reused.
    
    A set was originally used to support remove_callback(), but that method
    was removed in the 1.1 release.
Commits on Jan 3, 2011
  1. @bdarnell
  2. @bdarnell

    Log exceptions with exc_info=True instead of exc_info=e.

    bdarnell authored
    The logging module checks to see if the value passed for exc_info is a
    tuple, and if so assumes it contains (type, value, traceback).
    A bug in python 2.5 and 2.6 causes context manager's __exit__ methods
    to sometimes receive a tuple instead of an exception object, which causes
    a nonsensical message to be logged.
Commits on Dec 28, 2010
  1. @bdarnell

    Fix stack trace logging for uncaught RequestHandler exceptions.

    bdarnell authored
    _handle_request_exception is a private method, but since I've endorsed
    overriding it on the mailing list preserve backwards compatibility by
    re-raising the exception so it appears in sys.exc_info().
    
    Closes #199.
Commits on Dec 17, 2010
  1. @bdarnell
Commits on Dec 14, 2010
  1. @bdarnell

    Construct ErrorHandler with kwargs instead of positional arguments

    bdarnell authored
    for consistency with normal handler construction (and compatibility with
    the initialize() changes from a couple of commits ago).
    
    Closes #194.
Commits on Dec 13, 2010
  1. @bdarnell

    Override initialize() instead of __init__() in RequestHandler subclas…

    bdarnell authored
    …ses.
    
    This is a slight simplification and makes it easier to create further
    application-specific subclasses.
    
    Closes #191.
  2. @jparise
Commits on Dec 11, 2010
  1. @bdarnell

    Add a simple HTTP benchmark

    bdarnell authored
  2. @bdarnell
  3. @bdarnell
Commits on Dec 10, 2010
  1. @bdarnell

    Avoid use of the @contextlib.contextmanager decorator.

    bdarnell authored
    This decorator has over 5x the overhead of a hand-written class
    with __enter__ and __exit__ methods.
Commits on Dec 3, 2010
  1. @bdarnell
Something went wrong with that request. Please try again.