==================
Features
--------
- pcreate will now ask for confirmation if invoked with
an argument for a project name that already exists or
is importable in the current environment.
See https://github.com/Pylons/pyramid/issues/1357 and
https://github.com/Pylons/pyramid/pull/1837
- Make it possible to subclass ``pyramid.request.Request`` and also use
``pyramid.request.Request.add_request.method``. See
https://github.com/Pylons/pyramid/issues/1529
- The ``pyramid.config.Configurator`` has grown the ability to allow
actions to call other actions during a commit-cycle. This enables much more
logic to be placed into actions, such as the ability to invoke other actions
or group them for improved conflict detection. We have also exposed and
documented the config phases that Pyramid uses in order to further assist
in building conforming addons.
See https://github.com/Pylons/pyramid/pull/1513
- Add ``pyramid.request.apply_request_extensions`` function which can be
used in testing to apply any request extensions configured via
``config.add_request_method``. Previously it was only possible to test
the extensions by going through Pyramid's router.
See https://github.com/Pylons/pyramid/pull/1581
- pcreate when run without a scaffold argument will now print information on
the missing flag, as well as a list of available scaffolds.
See https://github.com/Pylons/pyramid/pull/1566 and
https://github.com/Pylons/pyramid/issues/1297
- Added support / testing for 'pypy3' under Tox and Travis.
See https://github.com/Pylons/pyramid/pull/1469
- Automate code coverage metrics across py2 and py3 instead of just py2.
See https://github.com/Pylons/pyramid/pull/1471
- Cache busting for static resources has been added and is available via a new
argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``.
Core APIs are shipped for both cache busting via query strings and
path segments and may be extended to fit into custom asset pipelines.
See https://github.com/Pylons/pyramid/pull/1380 and
https://github.com/Pylons/pyramid/pull/1583
- Add ``pyramid.config.Configurator.root_package`` attribute and init
parameter to assist with includeable packages that wish to resolve
resources relative to the package in which the ``Configurator`` was created.
This is especially useful for addons that need to load asset specs from
settings, in which case it is may be natural for a developer to define
imports or assets relative to the top-level package.
See https://github.com/Pylons/pyramid/pull/1337
- Added line numbers to the log formatters in the scaffolds to assist with
debugging. See https://github.com/Pylons/pyramid/pull/1326
- Add new HTTP exception objects for status codes
``428 Precondition Required``, ``429 Too Many Requests`` and
``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``.
See https://github.com/Pylons/pyramid/pull/1372/files
- The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is
defined in the environment prior to launching the interpreter.
See https://github.com/Pylons/pyramid/pull/1448
- Make it simple to define notfound and forbidden views that wish to use
the default exception-response view but with altered predicates and other
configuration options. The ``view`` argument is now optional in
``config.add_notfound_view`` and ``config.add_forbidden_view``..
See https://github.com/Pylons/pyramid/issues/494
- Greatly improve the readability of the ``pcreate`` shell script output.
See https://github.com/Pylons/pyramid/pull/1453
- Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and
the ``SignedCookieSessionFactory`` classes by using the stdlib's
``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+).
See https://github.com/Pylons/pyramid/pull/1457
- Assets can now be overidden by an absolute path on the filesystem when using
the ``config.override_asset`` API. This makes it possible to fully support
serving up static content from a mutable directory while still being able
to use the ``request.static_url`` API and ``config.add_static_view``.
Previously it was not possible to use ``config.add_static_view`` with an
absolute path **and** generate urls to the content. This change replaces
the call, ``config.add_static_view('/abs/path', 'static')``, with
``config.add_static_view('myapp:static', 'static')`` and
``config.override_asset(to_override='myapp:static/',
override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely
made up and does not need to exist - it is used for generating urls
via ``request.static_url('myapp:static/foo.png')``.
See https://github.com/Pylons/pyramid/pull/1252
- Added ``pyramid.config.Configurator.set_response_factory`` and the
``response_factory`` keyword argument to the ``Configurator`` for defining
a factory that will return a custom ``Response`` class.
See https://github.com/Pylons/pyramid/pull/1499
- Allow an iterator to be returned from a renderer. Previously it was only
possible to return bytes or unicode.
See https://github.com/Pylons/pyramid/pull/1417
- ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server
URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533
- Overall improvements for the ``proutes`` command. Added ``--format`` and
``--glob`` arguments to the command, introduced the ``method``
column for displaying available request methods, and improved the ``view``
output by showing the module instead of just ``__repr__``.
See https://github.com/Pylons/pyramid/pull/1488
- Support keyword-only arguments and function annotations in views in
Python 3. See https://github.com/Pylons/pyramid/pull/1556
- ``request.response`` will no longer be mutated when using the
``pyramid.renderers.render_to_response()`` API. It is now necessary to
pass in a ``response=`` argument to ``render_to_response`` if you wish to
supply the renderer with a custom response object for it to use. If you
do not pass one then a response object will be created using the
application's ``IResponseFactory``. Almost all renderers
mutate the ``request.response`` response object (for example, the JSON
renderer sets ``request.response.content_type`` to ``application/json``).
However, when invoking ``render_to_response`` it is not expected that the
response object being returned would be the same one used later in the
request. The response object returned from ``render_to_response`` is now
explicitly different from ``request.response``. This does not change the
API of a renderer. See https://github.com/Pylons/pyramid/pull/1563
- The ``append_slash`` argument of Configurator().add_notfound_view()`` will
now accept anything that implements the ``IResponse`` interface and will use
that as the response class instead of the default ``HTTPFound``. See
https://github.com/Pylons/pyramid/pull/1610
Bug Fixes
---------
- The JSONP renderer created JavaScript code in such a way that a callback
variable could be used to arbitrarily inject javascript into the response
object. https://github.com/Pylons/pyramid/pull/1627
- Work around an issue where ``pserve --reload`` would leave terminal echo
disabled if it reloaded during a pdb session.
See https://github.com/Pylons/pyramid/pull/1577,
https://github.com/Pylons/pyramid/pull/1592
- ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise
``ValueError`` when accidentally passed ``None``.
See https://github.com/Pylons/pyramid/pull/1320
- Fix an issue whereby predicates would be resolved as maybe_dotted in the
introspectable but not when passed for registration. This would mean that
``add_route_predicate`` for example can not take a string and turn it into
the actual callable function.
See https://github.com/Pylons/pyramid/pull/1306
- Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper
package. Previously it was not possible to do package-relative includes
using the returned ``Configurator`` during testing. There is now a
``package`` argument that can override this behavior as well.
See https://github.com/Pylons/pyramid/pull/1322
- Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset
where it does not belong. See https://github.com/Pylons/pyramid/pull/1251
- Work around a bug introduced in Python 2.7.7 on Windows where
``mimetypes.guess_type`` returns Unicode rather than str for the content
type, unlike any previous version of Python. See
https://github.com/Pylons/pyramid/issues/1360 for more information.
- ``pcreate`` now normalizes the package name by converting hyphens to
underscores. See https://github.com/Pylons/pyramid/pull/1376
- Fix an issue with the final response/finished callback being unable to
add another callback to the list. See
https://github.com/Pylons/pyramid/pull/1373
- Fix a failing unittest caused by differing mimetypes across various OSs.
See https://github.com/Pylons/pyramid/issues/1405
- Fix route generation for static view asset specifications having no path.
See https://github.com/Pylons/pyramid/pull/1377
- Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no
valid request object. In this case it will not wrap the object in a
callback and thus behave just like the ``pyramid.renderers.JSON`` renderer.
See https://github.com/Pylons/pyramid/pull/1561
- Prevent "parameters to load are deprecated" ``DeprecationWarning``
from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541
- Avoiding sharing the ``IRenderer`` objects across threads when attached to
a view using the `renderer=` argument. These renderers were instantiated
at time of first render and shared between requests, causing potentially
subtle effects like `pyramid.reload_templates = true` failing to work
in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575
and https://github.com/Pylons/pyramid/issues/1268
- Avoiding timing attacks against CSRF tokens.
See https://github.com/Pylons/pyramid/pull/1574
- ``request.finished_callbacks`` and ``request.response_callbacks`` now
default to an iterable instead of ``None``. It may be checked for a length
of 0. This was the behavior in 1.5.
Deprecations
------------
- The ``pserve`` command's daemonization features have been deprecated. This
includes the ``[start,stop,restart,status]`` subcommands as well as the
``--daemon``, ``--stop-server``, ``--pid-file``, and ``--status`` flags.
Please use a real process manager in the future instead of relying on the
``pserve`` to daemonize itself. Many options exist including your Operating
System's services such as Systemd or Upstart, as well as Python-based
solutions like Circus and Supervisor.
See https://github.com/Pylons/pyramid/pull/1641
- Renamed the ``principal`` argument to ``pyramid.security.remember()`` to
``userid`` in order to clarify its intended purpose.
See https://github.com/Pylons/pyramid/pull/1399
Docs
----
- Moved the documentation for ``accept`` on ``Configurator.add_view`` to no
longer be part of the predicate list. See
https://github.com/Pylons/pyramid/issues/1391 for a bug report stating
``not_`` was failing on ``accept``. Discussion with mcdonc led to the
conclusion that it should not be documented as a predicate.
See https://github.com/Pylons/pyramid/pull/1487 for this PR
- Removed logging configuration from Quick Tutorial ini files except for
scaffolding- and logging-related chapters to avoid needing to explain it too
early.
- Clarify a previously-implied detail of the ``ISession.invalidate`` API
documentation.
- Improve and clarify the documentation on what Pyramid defines as a
``principal`` and a ``userid`` in its security APIs.
See https://github.com/Pylons/pyramid/pull/1399
- Add documentation of command line programs (``p*`` scripts). See
https://github.com/Pylons/pyramid/pull/2191
Scaffolds
---------
- Update scaffold generating machinery to return the version of pyramid and
pyramid docs for use in scaffolds. Updated starter, alchemy and zodb
templates to have links to correctly versioned documentation and reflect
which pyramid was used to generate the scaffold.
- Removed non-ascii copyright symbol from templates, as this was
causing the scaffolds to fail for project generation.
- You can now run the scaffolding func tests via ``tox py2-scaffolds`` and
``tox py3-scaffolds``.