- Support for secure cookies written by pre-1.0 releases of Tornado has been removed. The .RequestHandler.get_secure_cookie method no longer takes an
include_name
parameter. - The
debug
application setting now causes stack traces to be displayed in the browser on uncaught exceptions. Since this may leak sensitive information, debug mode is not recommended for public-facing servers.
- Diginotar has been removed from the default CA certificates file used by
SimpleAsyncHTTPClient
.
- `tornado.gen`: A generator-based interface to simplify writing asynchronous functions.
- `tornado.netutil`: Parts of tornado.httpserver have been extracted into a new module for use with non-HTTP protocols.
- `tornado.platform.twisted`: A bridge between the Tornado IOLoop and the Twisted Reactor, allowing code written for Twisted to be run on Tornado.
- `tornado.process`: Multi-process mode has been improved, and can now restart crashed child processes. A new entry point has been added at tornado.process.fork_processes, although
tornado.httpserver.HTTPServer.start
is still supported.
- tornado.web.RequestHandler.write_error replaces
get_error_html
as the preferred way to generate custom error pages (get_error_html
is still supported, but deprecated) - In tornado.web.Application, handlers may be specified by (fully-qualified) name instead of importing and passing the class object itself.
- It is now possible to use a custom subclass of
StaticFileHandler
with thestatic_handler_class
application setting, and this subclass can override the behavior of thestatic_url
method. - ~tornado.web.StaticFileHandler subclasses can now override
get_cache_time
to customize cache control behavior. - tornado.web.RequestHandler.get_secure_cookie now has a
max_age_days
parameter to allow applications to override the default one-month expiration. - ~tornado.web.RequestHandler.set_cookie now accepts a
max_age
keyword argument to set themax-age
cookie attribute (note underscore vs dash) - tornado.web.RequestHandler.set_default_headers may be overridden to set headers in a way that does not get reset during error handling.
- .RequestHandler.add_header can now be used to set a header that can appear multiple times in the response.
- .RequestHandler.flush can now take a callback for flow control.
- The
application/json
content type can now be gzipped. - The cookie-signing functions are now accessible as static functions
tornado.web.create_signed_value
andtornado.web.decode_signed_value
.
- To facilitate some advanced multi-process scenarios,
HTTPServer
has a new methodadd_sockets
, and socket-opening code is available separately as tornado.netutil.bind_sockets. - The
cookies
property is now available ontornado.httpserver.HTTPRequest
(it is also available in its old location as a property of ~tornado.web.RequestHandler) tornado.httpserver.HTTPServer.bind
now takes a backlog argument with the same meaning assocket.listen
.- ~tornado.httpserver.HTTPServer can now be run on a unix socket as well as TCP.
- Fixed exception at startup when
socket.AI_ADDRCONFIG
is not available, as on Windows XP
- ~tornado.iostream.IOStream performance has been improved, especially for small synchronous requests.
- New methods
tornado.iostream.IOStream.read_until_close
andtornado.iostream.IOStream.read_until_regex
. IOStream.read_bytes
andIOStream.read_until_close
now take astreaming_callback
argument to return data as it is received rather than all at once.- .IOLoop.add_timeout now accepts datetime.timedelta objects in addition to absolute timestamps.
- ~tornado.ioloop.PeriodicCallback now sticks to the specified period instead of creeping later due to accumulated errors.
- tornado.ioloop.IOLoop and tornado.httpclient.HTTPClient now have
close()
methods that should be used in applications that create and destroy many of these objects. - .IOLoop.install can now be used to use a custom subclass of IOLoop as the singleton without monkey-patching.
- ~tornado.iostream.IOStream should now always call the close callback instead of the connect callback on a connection error.
- The .IOStream close callback will no longer be called while there are pending read callbacks that can be satisfied with buffered data.
- Now supports client SSL certificates with the
client_key
andclient_cert
parameters to tornado.httpclient.HTTPRequest - Now takes a maximum buffer size, to allow reading files larger than 100MB
- Now works with HTTP 1.0 servers that don't send a Content-Length header
- The
allow_nonstandard_methods
flag on HTTP client requests now permits methods other thanPOST
andPUT
to contain bodies. - Fixed file descriptor leaks and multiple callback invocations in
SimpleAsyncHTTPClient
- No longer consumes extra connection resources when following redirects.
- Now works with buggy web servers that separate headers with
\n
instead of\r\n\r\n
. - Now sets
response.request_time
correctly. - Connect timeouts now work correctly.
- tornado.auth.OpenIdMixin now uses the correct realm when the callback URI is on a different domain.
- tornado.autoreload has a new command-line interface which can be used to wrap any script. This replaces the
--autoreload
argument to tornado.testing.main and is more robust against syntax errors. - tornado.autoreload.watch can be used to watch files other than the sources of imported modules.
tornado.database.Connection
has new variants ofexecute
andexecutemany
that return the number of rows affected instead of the last inserted row id.- tornado.locale.load_translations now accepts any properly-formatted locale name, not just those in the predefined
LOCALE_NAMES
list. - tornado.options.define now takes a
group
parameter to group options in--help
output. - Template loaders now take a
namespace
constructor argument to add entries to the template namespace. - tornado.websocket now supports the latest ("hybi-10") version of the protocol (the old version, "hixie-76" is still supported; the correct version is detected automatically).
- tornado.websocket now works on Python 3
- Windows support has been improved. Windows is still not an officially supported platform, but the test suite now passes and tornado.autoreload works.
- Uploading files whose names contain special characters will now work.
- Cookie values containing special characters are now properly quoted and unquoted.
- Multi-line headers are now supported.
- Repeated Content-Length headers (which may be added by certain proxies) are now supported in .HTTPServer.
- Unicode string literals now work in template expressions.
- The template
{% module %}
directive now works even if applications use a template variable namedmodules
. - Requests with "Expect: 100-continue" now work on python 3