Onegov-core

~~~~~~~~~~~~~~~~~~~

- Tighten security around static file serving.
[href]

- Urls generated from titles no longer contain double dashes ('--').
[href]

- The browser session now only adds a session_id to the cookies if there's
a change in the browser session.
[href]

- Adds the ability to count and print the sql queries that go into a single
request.
[href]

- Store all login information server-side. The client only gets a random
session id scoped to the application.
[href]

- Make sure that signatures are only valid for the origin application.
[href]

~~~~~~~~~~~~~~~~~~~

- The form directive now also accepts a factory function.
[href]

~~~~~~~~~~~~~~~~~~~

- The CSRF protection now associates a random secret with the session. The
random secret is then used to check if the CSRF token is valid.
[href]

- Cache the translator on the request to be slightly more efficient.
[href]

~~~~~~~~~~~~~~~~~~~

- Initial Release [href]