Changelogs » Pyramid-debugtoolbar




- Fix parser errors when injecting the toolbar into XHTML formatted pages.



- Show the full URL in the tooltip on the requests panel.



- Stop accessing ``request.unauthenticated_userid`` in preparation for
Pyramid 2.0 where it is deprecated.

- Catch a ``ValueError`` when JSON-serializing SQLA objects for display.



- Add Python 3.8 support.

- Fix internal deprecation warnings on Python 3.7.



- Drop Python 3.3 support to align with Pyramid and its EOL.

- Add support for testing on Python 3.7.

- Add a list of engines to the SQLAlchemy panel if queries come from
multiple engines.

- When the toolbar intercepts an exception via
``debugtoolbar.intercept_exc = True`` and returns the interactive
debugger, it will add ``request.exception`` and ``request.exc_info`` to
the request to indicate what exception triggered the response. This helps
upstream tweens such as ``pyramid_retry`` to possibly retry the requests.

- Stop parsing the ``request.remote_addr`` value when it contains a chain of
comma-separated IP addresses. Reject these values and emit a warning
to sanitize the value upstream.



- Reduce the log output for squashed exceptions and put them at the INFO
level so they can be filtered out if desired.
See and



- Javascript syntax fixes for browsers that don't support trailing commas.



- The logging panel indicator is now color-coded to indicate the severity of
the log messages as well as the number of messages at said level. There may
be more messages, but the most severe show up in the annotation.

This feature also added a new ``nav_subtitle_style`` hook to the
``DebugPanel`` API for adding a custom CSS class to the subtitle tag.




- Fix a bug with the logging of squashed exceptions on Python < 3.5.



This release contains a rewrite of the underlying exception / traceback
tracking machinery and fixes regressions caused by the 4.1 release that
broke the interactive debugger.

- Tracebacks are now tied to the per-request toolbar object one-to-one.
A request may have only one traceback. Previously they actually stuck
around for the entire lifetime of the app instead of being collected by
the max_request_history setting.

- The routes for exceptions are standardized to look similar to the SQLA AJAX
routes. For example, ``/{request_id}/exception`` instead of
``/exception?token=...&tb=...`` and
``/{request_id}/exception/execute/{frame_id}?cmd=...`` instead of

- Fixed the url generation for the traceback panel link at the bottom of the
traceback... it was actually empty previously - it got lost somewhere along
the way.

- /favicon.ico is no longer specially handled. It's just part of
``exclude_prefixes`` like anything else that you want to exclude.

- ``request.pdtb_history`` is available for toolbar requests (mostly AJAX
requests or panel rendering).

- Removed the unused history predicate.

- URL generation was broken in the ``debugger.js`` but that's fixed now so the
execute/source buttons work in tracebacks.

- Drop the license from ``LICENSE.txt`` for the removed ipaddr module in 4.1.



- Debug squashed exceptions! If you register an exception view for an exception
it will render a response. The toolbar will see the squashed exception and
enable the ``Traceback`` tab in the toolbar and emit a message on the
console with the URL. You can then debug the exception while returning the
original response to the user.

- Remove the vendored ipaddr package and use the stdlib ipaddress module on
Python 3.3+. On Python < 3.3 the ipaddress module is a dependency from PyPI.
This dependency uses environment markers and thus requires pip 8.1.2+.

- Display a warning if the toolbar is used to display a request that no longer
exists. This may be because the app was restarted or the request fell off
the end of the ``max_request_history``.

- Enable testing on Python 3.6.

- Drop the link-local suffix off of local interfaces in order to accept
requests on them. See

- Headers panel defers its processing to a finished callback. This is best
effort of displaying actual headers, since they could be modified by
a response callback or another finished callback.

- Query log inside SQLAlchemy panel does not cause horizontal scrolling
anymore, which should improve UX.



- Fix sticky panel functionality that was broken by other cleanup in the 4.0
release. See



- The config settings ``debugtoolbar.panels``, ``debugtoolbar.extra_panels``,
``debugtoolbar.global_panels`` and ``debugtoolbar.extra_global_panels``
now all accept panel names as defined in
````. Thus you may use names
such as ``performance``, ``headers``, etc. These settings still support the
dotted Python path but it is suggested that panels now support being
included via ``debugtoolbar.includes`` and ``config.add_debugtoolbar_panel``
instead such that they are automatically added to the toolbar.

- Add a new ``config.add_debugtoolbar_panel`` directive that can be invoked
from ``includeme`` functions included via the ``debugtoolbar.includes``
setting. These panels are automatically added to the default panel list
and should become the way to define toolbar panels in the future.

- Add a new ``config.inject_parent_action`` directive that can be invoked
from ``includeme`` functions included via the ``debugtoolbar.includes``
setting. These actions are invoked on the parent config just before it is
created such that actions can inspect / wrap existing config.

- Added "sticky" panel functionality to allow a selected panel to persist
across pageviews using cookies.  If a cookied panel does not have content
available for display, the first non-disabled panel will be displayed. If a
cookied panel is not enabled on the toolbar, the first non-disabled panel will
be displayed AND will become the new default panel.

- Added `CustomLoggerFactory` to javascript, used in the development of PR 272.
This javascript factory allows panel developers and maintainers to use verbose
console logging during development, partitioned by feature, and silence it for
deployment while still leaving the logging lines activated.

- The toolbar registers a ``BeforeRender`` subscriber in your application to
monitor the rendering of templates. Previously it was possible that the
toolbar would miss rendering information because of the order in which the
subscribers were registered. The toolbar now waits until the application
is created and then appends a new subscriber that encapsulates
your application's ``BeforeRender`` subscribers.

- Remove duplicate ``id="${panel.dom_id}"`` tags in history tab html. Only
the top-level ``<li>`` tag has the id now.

- Emit a warning and disable the toolbar if the app is being served by
a forking / multiprocess wsgi server that sets
``environ['wsgi.multiprocess']`` to ``True``. This should help avoid
confusing issues in certain deployments like gunicorn and uwsgi multiprocess
modes. See

- The toolbar tween is always placed explicitly OVER the pyramid_tm tween.

- Refactored all debugtoolbar panels to be included using
``config.add_debugtoolbar_panel`` and per-panel ``includeme`` functions.

- Exposed a ``request.toolbar_panels`` dictionary which can be used from within
``DebugPanel.render_content`` and ``DebugPanel.render_vars`` in order to
introspect and use the data generated by other panels when rendering the
panel. See

- Support streaming new requests on Microsoft Edge and Internet Explorer 8+ by
using a Server-Sent-Events polyfill.



- Change static toolbar asset to accommodate color blindness.



- 3.0.3 was a brownbag release missing static assets.



- Fix another regression where the toolbar was modifying requests to the
toolbar itself such that the ``script_name`` and ``path_info`` were
different after handling the request than before.



- Fix a regression with inspecting requests with a session that is loaded
before the toolbar executes.



- Avoid touching ``request.unauthenticated_userid``,
``request.authenticated_userid`` and ``request.effective_principals`` unless
they are accessed by the user in the normal request lifecycle. This avoids
some issues where unauthenticated requests could trigger side effects on
your authentication policy or access the properties outside of the
expected lifecycle of the properties.



- The toolbar is now a completely standalone application running inside the
tween. There are several minor incompatibilities and improvements related
to this extra isolation:

1. ``pyramid_mako`` and the ``.dbtmako`` renderer are no longer included
in the parent application (your app).
2. Panels must be extra careful now that they only render templates inside
of the ``render_vars`` and ``render_content`` functions. These are the
only functions in which the ``request`` object is for rendering the
toolbar panel.
3. The toolbar will not be affected by any global security policies your
application may put in place other than via
**never run the toolbar in production**


- Updated Bootstrap to v3.3.6, refactored static assets and dropped require.js.
Each page now depends on what it needs without extra dependencies included
in the debugger pages.

- Enabled interactive tablesorting on table columns.

- setuptools-git is now required to install the codebase in non-editable mode.



- Drop Python 2.6 and Python 3.2 support.

- Add Python 3.5 support.

- Remove inline javascript from injected pages to work better with any
Content Security Policy that may be in place.

- Added the packages' `.location` to the "Versions" panel so developers can tell
which version of each package is actually being used.

- Upon exception do a better job guessing the charset of the sourcefile when
reading it in to display tracebacks.

- Removed jQuery code in the toolbar referring to a DOM node called 'myTab',
which doesn't seem to exist anymore.

- Updated the "Request Vars" panel:
1. Show additional values that were previously missing
2. Sections upgraded to link to Pyramid Documentation when possible
3. Mako reformatted into "defs" for simpler reorganization in the future

- Fix to prevent the toolbar from loading the session until it is actually
accessed by the user. This avoids unnecessary parsing of the session object
as well as waiting to parse it until later in the request which may meet
more expectations of the session factory.



- Fix a long-standing bug in which log messages were not rendered until
the end of the response. By this time the arguments passed to the logger
may no longer be valid (such as SQLAlchemy managed objects) and you would
see a ``DetachedInstanceError``.



- Remove the extra query hash constructed when indexing into SQL queries via
url as it was unused after releasing 2.4.



This release changes some details of the panel API, so if you are writing
any custom panels for the toolbar please review the changes.

- Document the cookie used to activate panels on a per-request basis. It is
possible to specify the cookie per-request to turn on certain panels. This
is used by default in the browser, but may also be used on a per-request
basis by curl or other http APIs.

- Add new ``debugtoolbar.active_panels`` setting which can specify certain
panels to be always active.

- Modify ```` to be a valid python identifier, used for
settings and lookup.

- The toolbar no longer will clobber the ```` property. It now
namespaces its usage as ``request.pdtb_id``, freeing up ````
for applications.

- Add a lock icon next to the request method in the sidebar if the request
was accessed over https.

- Update to bootstrap 3.1.1.

- Fix display of POST variables where the same key is used multiple times.

- Fix auth callback so it protects the toolbar views. Auth system is tested
now. See

- Convert SQLAlchemy views to obtain the query and params internally; this
allows executing queries with parameters that are not serializable.

- Adds Pyramid version tests and bumps required Pyramid version to 1.4.
The pyramid_mako dependency requires 1.3, but debugtoolbar also uses
``invoke_subrequest`` which was added in 1.4. The ``invoke_subrequest`` call
was added in pyramid_debugtoolbar 2.0; if you need Pyramid 1.3 compatibility,
try an older version.



- Support a ``debugtoolbar.includes`` setting which will allow addons to
extend the toolbar's internal Pyramid application with custom logic.

- Fixed an issue when the toolbar is not mounted at the root of the domain.

- Fixed an issue where the `button_css` was not pulled from the settings.
Added support for configurable `max_request_history` and



- Brownbagged 2.2.1, forgot to include the templates!



- Several internal links were not relative causing them to fail when the
app is mounted at a path prefix. See and

- Pin pygments<2 on 3.2 as the new release has dropped support.



- Avoid polluting user code with unnecessary toolbar css just to show the
button. See

- Inject the toolbar button into ``application/xhtml+xml`` requests.

- Make the toolbar accessible before another request has been served by the
application. See



- Add new "debugtoolbar." configuration settings that allow enabling or
disabling various Pyramid knobs in a users .ini file. This for instance
allows easy enabling/disabling of template reloading for the debugtoolbar.

- Allow the toolbar to display always, even when the parent application
is using a default permission.

- Stabilize and document the ``pyramid_debugtoolbar.panels.DebugPanel``
API to allow developers to create their own panels.

- Add new ``debugtoolbar.extra_panels`` and
``debugtoolbar.extra_global_panels`` configuration settings to make it
simpler to support custom panels without overwriting the default panels.



- Fix breaking bugs when run under Py3k.



- Fixes a bug in 2.0 expecting pyramid_beaker to be around.



- The toolbar has undergone a major refactoring to mitigate the effects of
the toolbar's internal behavior on the application to which it is connected
and make it possible to inspect arbitrary requests. It is now available at
``/_debug_toolbar`` and can be used to monitor any and all requests serviced
by the Pyramid application that it is wrapping, including non-html responses.

The toolbar will live-update (on conforming browsers via Server Sent Events)
when requests come into the Pyramid application, and can be used to debug and
inspect multiple requests simultaneously.



- Use new ``pyramid_mako`` configuration directive add_mako_renderer.



- Depend on ``pyramid_mako`` (Mako support will be split out of Pyramid in



- Drop support for Python 2.5.

- Fix computation of proxy addresses.  See .

- Make templates compatible with no-MarkupSafe Mako under Python 3.2.

- Decode platform name to Unicode using utf-8 encoding to cope with nonascii
characters in platform (e.g. Fedora's Schrodinger's Cat).  See

- Raise a ``pyramid.exceptions.URLDecodeError`` instead of a raw
UnicodeDecodeError when the request path cannot be decoded.  See

- Added new configuration option: `debugtoolbar.show_on_exc_only`
(default=false).  If set to true (`debugtoolbar.show_on_exc_only = true`)
the debugtoolbar will only be injected into the response in case an
exception is raised. If the response is processed without exception the
returned html code is not changed at all.

- Fix various UnicodeDecodeError exceptions.



- Packaging release only, no code changes.  1.0.5 was a brownbag release due to
missing directories in the tarball.



- Parse IPs correctly when request.remote_addr is a comma-separated list
of proxy IPs.

- If you are also using require.js, the debug toolbar's version of jQuery
will no longer conflict with your application's version of the library.

- Use the "n" filter to disable default_filters when including the raw
SQL in links, leaving only the "u" filter (URL escaping).

- Support for per-request authorization of toolbar middleware via
``config.set_debugtoolbar_request_authorization(callback)`` where callback
accepts request object and returns boolean value whether toolbar is enabled
or not.

- Short term fix for preventing error when converting binary query params to json.

- Fix sqlalchemy query duration from microseconds to milliseconds.



- Add a ``debugtoolbar.excluded_prefixes`` setting.  When a URL path prefix
matches one of these prefixes, the toolbar will not be shown on the resulting

- Show the prompt and little text file icons all the time, instead of
only on hover.

- Do not set max-height on result boxes (which result in nested scroll on
the page, which makes it hard to find information quickly).

- When an expression result is long, do not truncate with an ellipsis, which
requires one more click to get at the information I need.

- Support ``pip install`` from the github repository by adding all static files
required to install in the ``package_data`` ````. Setuptools usually
uses Subversion or CVS to tell it what static files it needs to package up
for egg distribution, but does not support reading git metadata.

- The debug toolbar now uses a patched version of require.js with a distinct
private name that cannot clash with the dojo loader or other incompatible
versions of require that may already be loaded on the page. You no longer
need to add the toolbar to your own require.js to make it work.



- The ``valid_host`` custom predicate used internally by pyramid_debugtoolbar
views didn't use newer "ipaddr"-based logic.  Symptom: some views may have
been incorrectly inaccessible if you used a network mask as a
"debugtoolbar.hosts" option.

- The debug console now works with Google App Engine.

- The debug console now adds a shortcut for accessing the last result through



- Moved the toolbar and debugger javascript files to use requirejs for
better dependency loading and module isolation to play better with multiple
library versions. A recurrent problem was with async loading and an
application-specific jquery library where the expected version was overridden
by the toolbar one.

If you are already using requirejs and want the toolbar to load, just add it
to your path and module::

    require.config({
      paths: {
        "jquery": "jquery-1.7.2.min",
        "toolbar": "/_debug_toolbar/static/js/toolbar"
      }
    });

    require(["jquery", "toolbar"], function($, toolbar) {
      $(function() {
        // your module
      });
    });



- If ``request.remote_addr`` is ``None``, disable the toolbar.



- Don't URL-quote SQL parameters on SQLAlchemy panel.

- Allow hostmask values as ``debugtoolbar.hosts`` entries
(e.g. ````).


- When used with Pyramid 1.3a9+, views, routes, and other registrations made
by ``pyramid_debugtoolbar`` itself will not show up in the introspectables



- Try to take advantage of MakoRendererFactoryHelper in Pyramid 1.3a8+.  If
we can do this, the toolbar templates won't be affected by normal mako
settings.  The most visible change is that toolbar mako templates now have
a ``dbtmako`` extension.



- Show request headers instead of mistakenly showing environ values in
Headers panel under "Request Headers".  This also fixes a potential

- Set content_length on response object when we regenerate app_iter while
replacing original content.



- The performance panel of the debugtoolbar used a variable named
``function_calls`` which was not initialised when stats are not
collected. This caused a ``NameError`` when mako rendered the template with
the ``strict_undefined`` option.

- Fix Python 3 compatibility in SQLAlchemy panel.

- Make SQLAlchemy explain and select work again.



- Added "Introspection" panel; active only under Pyramid 1.3dev+ (requires
Pyramid introspection subsystem).

- Address heisenbug reported where performance panel template variables cause
unexpected results.  Can't repeat, but reporter indicates the fix works for
him, so hail marying.  See



- Adjust tox setup to test older Pyramid and WebOb branches under 2.5.

- Convert all templates to Mako.

- Don't rely on ``pyramid.compat.json``.

- Add Tweens toolbar panel.



- Upgrade to jquery 1.6.4 and tablesorter plugin 2.0.5b

- Introduced new setting ``debugtoolbar.button_style``, which can be used
to override the default style (top:30px) set by ``toolbar.css``.

- Compatible with Python 3.2 (requires Pyramid 1.3dev+).

- Appease settings values that were sensitive to ``__getattr__`` in the
settings debug panel (e.g. MongoDB databases).  See



- All debug toolbar panels and underlying views are now always executable by
entirely anonymous users, regardless of the default permission that may be
in effect (use the ``NO_PERMISSION_REQUIRED`` permission for all
debugtoolbar views).

- Toolbar cookie settings name changed (from fldt to p_dt), to avoid messing
up folks who use both the flask debugtoolbar and Pyramid's.

- Fix IE7 and IE8 renderings of the toolbar.



- Log an exception body to the debug toolbar logger when an exception

- Don't reset the root logger level to NOTSET in the logging panel (changes
console logging output to sanity again).



- The ``debugtoolbar.intercept_exc`` setting is now a tri-state setting.  It
can be one of ``debug``, ``display`` or ``false``.  ``debug`` means show
the pretty traceback page with debugging controls.  ``display`` means show
the pretty traceback package but omit the debugging controls.  ``false``
means don't show the pretty traceback page.  For backwards compatibility
purposes, ``true`` means ``debug``.

- A URL is now logged to the console for each exception when
``debugtoolbar.intercept_exc`` is ``debug`` or ``display``.  This URL leads
to a rendering of the "pretty" traceback page for an exception.  This is
useful when the exception was caused by an AJAX or non-human-driven
request.  This URL is also injected into the pretty traceback page (at the

- "Unfixed" indentation of SQL EXPLAIN done in 0.9, it broke the explain page
when a column value isn't a string.



- Fixed indentation of SQL EXPLAIN by replacing spaces with HTML spaces.

- ``response.charset`` in some undefined user-reported cases may be ``None``,
which would lead to an exception when attempting to render the debug
toolbar.  In such cases we now assume the charset is UTF-8.

- Some renderings of the request vars and renderer values would raise an
uncaught exception.



- Try to cope with braindead Debian Python installs which package the
``pstats`` module separately from Python for god only knows what reason.
Turn the performance panel off in this case instead of crashing.



- Docs-only changes.



- Do not register an alias when registering an implicit tween factory (compat
with future 1.2 release).



- The toolbar didn't work under Windows due to usage of the ``resource``



- Change the default value for ``debugtoolbar.intercept_redirects`` to
``false``. Rationale: it confuses people when first developing if the
application they're working on has a home page which does a redirection.



- Request vars panel would cause a UnicodeDecodeError under some
circumstances (see

- Dynamicize URLs for SQLAlchemy subpanels.

- Require "pyramid>=1.2dev" for install; the trunk is now "1.2dev" instead of

- Requires trunk after 2011-08-14: WSGIHTTPException "prepare" method and
``alias`` param to add_tween, BeforeRender event has no "_system" attr.

- Fix memory leak.

- HTML HTTP exceptions now are rendered with the debug toolbar div.

- Added NotFound page to demo app and selenium tests.



- Add SQLAlchemy "explain" and "select" pages (available from the SQLAlchemy
panel next to each query shown in the page).

- Requires newer Pyramid trunk (checked out on 2011-08-07 or later).

- Add a link to the SQLAlchemy demo page from the demo app index page.



- Initial release.