skip to navigation
skip to content

cornice 3.1.0

Define Web Services in Pyramid.

Package Documentation

Cornice provides helpers to build & document Web Services with Pyramid.

The full documentation is available at:


3.1.0 (2018-02-08)

  • In addition to the colander_body_validator, there are now three more similar validators: colander_headers_validator, colander_path_validator, and colander_querystring_validator.
  • six is now a required dependency.

3.0.0 (2017-10-20)

Breaking changes

Please refer to upgrading docs for detailed migration instructions.
  • acl and traverse parameters are not supported anymore on services
  • Constructors of resource decorated classed must now be __init__(self, request, context=None)


  • Align Cornice with Pyramid ACL pattern: Dynamic ACLs based on resource are now possible (#452, thanks @wjehenddher)

Bug fixes

  • Disable CSRF check on predicate fallback view (fixes #458)
  • Fix to use own validator for Header Accept (fixes #431)

2.4.0 (2017-01-19)


  • Add support for arrays on request body top level.

2.3.0 (2016-12-15)


  • Add support for validation with specific JSON Content-Types (i.e application/merge-patch+json).
  • Add X-Content-Type-Options: nosniff headers to responses (fixes #102)
  • Add a request.current_service attribute (fixes #105)

Bug fixes

  • Fix cornice.cors.get_cors_preflight_view to make it parse Access-Control-Request-Headers header correctly event if its value contains zero number of white spaces between commas (#422)

Internal changes

  • Clean-up an inconsistency in cornice.service.decorate_view() function where acl and factory were expected as view arguments (whereas deprecated since 1.0)

2.2.0 (2016-11-25)


  • Add support of custom predicates in resources (#344, thanks @VDigitall!)

Internal changes

  • Assert proper behaviour of UTF-8 content JSON body (#366, thanks @thruflo!)

2.1.0 (2016-10-28)


  • Cornice.validators.colander_validator and cornice.validators.colander_body_validator now accept colander schema node instances. Previously only schema classes were accepted. For some discussion see #412.


  • Passing schema classes to Cornice.validators.colander_validator and cornice.validators.colander_body_validator is now deprecated. (See above.)

Bug fixes

  • To maintain consistency with cornice 1.2 as to the semantics of location='path', change cornice.validators.extract_cstruct so that it places request.matchdict (rather than request.path) into cstruct['path']. (#411)
  • Fix cornice.validators.colander_validator so that it does nothing if schema is unset (or set to None.) Previously (contrary to its docstring) it was raising a TypeError.

Internal changes

  • Raised test coverage to 100% (#417)

Huge thanks to @dairiki for his help on this release!

2.0.2 (2016-10-25)

Bug fixes

  • Exclude tests from install (#407, thanks @doctaweeks!)

Internal changes

  • Deprecate cornice.util.extract_json_data() and cornice.util.extract_form_urlencoded_data() in favor of cornice.validators.extract_cstruct() (#409)

2.0.1 (2016-10-24)

Bug fixes

  • Fix Colander imports to make sure it remains optional (#400)
  • Fix truncated JSON validation error message when request body does not contain valid JSON (#401)
  • Fix docs about upgrading deserializers (#402)

2.0.0 (2016-10-20)

Breaking changes

Please refer to upgrading docs for detailed migration instructions.
  • Dropped Python 2.6 support (#368)
  • Got rid of Buildout files (#369)
  • Got rid of Spore extension (#379)
  • Moved Sphinx extension to dedicated repo (#379)
  • Moved project scaffold to dedicated repo (#238, #390)
  • Completely rework the schema validation features (#376, #386)
  • Moved examples to dedicated repo (#392)
  • Custom error_handler now receives the request instead of errors (#381)
  • Errors list request.errors has no request anymore (#372, #378)
  • request.errors.add() now only accepts one of header, body, url, path, querystring, cookies or method as first argument (#374)
  • Remove deprecated features (#382)

Internal changes

  • Take __version__ from (#358)
  • Remove duplicated list of test deps in tox file (#371)

1.2.1 (2016-03-15)

Bug fixes

  • Properly handle content_type callables returning a single internet media type as scalar. Thanks @amotl (#343)
  • Do not raise a 415 error when no content-type and no body (#354)


  • Improve documentation regarding content type negotiation and media type validation. Thanks @amotl (#91, #343, #350)
  • Fix typo in testing docs. Thanks peletiah (#348)
  • Clarify docs for deferred colander validator. Thanks @antoineleclair (#352)

1.2.0 (2016-01-18)

  • Adding the ability to define services imperatively. (#335)
  • Clean cornice/statics/ files. (#345)

Bug fixes

  • Convert None to colander.null before calling colander’s deserialize function. (#342)
  • Allow i18n of colander error messages (#206)

1.1.0 (2015-09-29)

  • Warn if resource collection and record paths are not distinct. Thanks @circlingthesun (#292)

Bug fixes

  • Fix duplicated CORS exposed headers (#301)
  • Fix in template. Thanks @areski (#296)
  • Make resource test less dependent on Pyramid version (#312)
  • Fix reload in sphinx extension for Python 3. Thanks @JohnBrodie (#295)
  • Fix usage of Colander schema_type() and schema.typ. Thanks @tisdall (#309)
  • Fix check for CORS Allow Credentials. Thanks @treerao (#320)
  • Fix Access-Control-Max-Age value if undefined on service (#338)


  • Fix typos in documentation. Thanks @robvdl, @tisdall (#306, #313)
  • Rewrite quickstart documentation (#305)
  • Huge set of documentation improvements. Thanks @areski (#297)

1.0.0 (2015-04-15)

Breaking changes:

  • ACLs are now handled per route and not per view. Thanks @circlingthesun (#287)

Other changes:

  • Display default values in the sphinx documentation extension, Thanks @MikaYuoadas (#284)
  • Add an option to disable Colander schema request binding. (#288)

0.20.0 (2015-03-17)

  • Service.cors_supported_headers are now filtered by method and CORS options are now handled in a more consistent way (#281).

0.19.0 (2015-03-02)

  • Keep fields when colander schema set “unknown=preserve”

0.18.1 (2015-02-26)

  • Fix CORS protocol that was sometimes returning Access-Control-Expose-Headers on preflight request.

0.18 - 2015-02-24

  • Fix CORS OPTIONS permission when using default_permission (#273)
  • Ensure Colander schemas are a Mapping (#271)
  • Use the tox matrix with Travis. (#272)
  • Improve Sphinx documentation for schema attributes (#270)
  • Set CORS headers when an exception is raised (#261)
  • Remove Cornice warning when returning string or array instead of JSON (#256)
  • Fix add_view decorator (#215)
  • Handle per view permissions (#248)
  • Handle CORS credentials origin (#263)
  • Let the user choose the default content_type (#262)
  • Fix spore documentation (#255)
  • Handle default values in colander schemas (#253)

0.17 - 2014-08-28

  • Use a string for the version number (cornice.__version__);
  • Fix handling of invalid JSON input;
  • Fix pyramid configurator route_prefix;
  • Fix CORS behavior when using “*”;
  • Support strict validation of querystring and body;
  • Add support for unflatted in querystring;
  • If colander defines a default value, put it in request.validated;
  • Do not require a permission for the fallback view.

0.16.1 - 2013-11-12

  • Added the license in the distribution tarball
  • Updated the license headers of the files (to MPL v2.0)

0.16 - 2013-11-12

  • Added venusion depth support to cornice.resource #187
  • Add support for validation of input content other than JSON against Colander schemas: built-in support of form-urlencoded and configuration hooks for other content types #192
  • Add support for pyramid traversal. #196
  • bugfix: schema was only being bound to the first request #197
  • bugfix: can now pass the decorator add_view parameter to the Service class #198

0.15 - 2013-10-09

  • Add support for dynamic validation schemas for resources.
  • Add support for context factory.
  • Manually commit configuration changes.
  • Add support for Colander’s drop object
  • Update sphinxext to not display HEAD.
  • Allow for explicitely named services created for resources.
  • Raise exceptions as-is if they are not subclasses of HTTPException.
  • Add a way to opt-out of the exception handling.

0.14 - 2013-06-06

  • Add validation of the Content-Type header sent in requests against a list of allowed ingress content types
  • Handle HTTPNotFound and HTTPForbidden in Cornice. Fix some wrong behaviour with CORS support.
  • implement “415 Unsupported Media Type”
  • Allow Colander schemas with sequence fields in querystring
  • Remove PasteScript from the Cornice template.
  • Support imperative colander schemas
  • Update JSON CSRF warning filter with a better regex

0.13 - 2013-02-12

  • Added Cross-Origin Resource Sharing (CORS) support.

0.12 - 2012-11-21

  • Fix auto-define of HEAD views from GET views.
  • Support for Colander inheritance (introduced in new versions of Colander)
  • Check for errors in the body of the view and in validators (was only checking in validators previously)
  • Add a __version__ utility in cornice/

0.11 - 2012-10-22

  • the sphinx extension is now provided by the cornice.ext.sphinxext module [not backward-compatible]
  • Add support for SPORE
  • add an optional ‘error_handler’ to view declarations.
  • Services.default_{validators, filters} is now used. (Fix #75)

0.10 - 2012-08-29

  • use pcreate rather than paster create.
  • make it possible to add custom values to errors.

0.9 - 2012-07-26

  • default schema values are assumed to be in the body
  • refactored the internal APIs so we are not using decorators anymore. The service definition is now separated from the service registration in the routing mechanism.
  • added class-level validators and filters
  • added documentation about cornice internals
  • deprecated the service.schema attribute. Use service.definitions instead.

0.8 - 2012-04-06

  • added support for the ‘OPTIONS’ HTTP Verb
  • allow multiple accept definitions for a service.
  • get validator’s docstring for the automatic doc generation
  • fixed non-ascii documentation problems
  • add a way to ignore some modules when scanning with venusian.scan.

0.7 - 2012-03-12

  • update license to MPL 2.0.
  • renamed cornice.schemas to cornice.errors
  • Added get_view_wrapper method to Service class to support subclasses wrapping the view callables w/ decorators
  • added buildout support
  • added class-based views and the resource decorator
  • make sure we use Pyramid’s exceptions. Not Webob’s.
  • added filters support
  • added schema support
  • added json xsrf support
  • now errors status can be different from 400.

0.6 - 2011-12-21

  • various fixes in MANIFEST

0.5 - 2011-12-21

  • added a tutorial
  • stacked @api decorator are now allowed
  • added a Paster template for a quick start

0.4 - 2011-12-07

  • Added a way to plug validators easily.
  • Fixed documentation
  • Added a way to automatically document Cornice web services
  • Fixed license
  • Added a way to specify the accepted Content-Type values. A 406 is raised if needed

0.3 - 2011-11-23

  • remove singleton “_defined” state from Service class; this allows service definitions to be loaded into more than one Configurator.

0.2 - 2011-11-05

  • Fixed the MANIFEST

0.1 - 2011-11-03

  • Initial release
File Type Py Version Uploaded on Size
cornice-3.1.0-py2.py3-none-any.whl (md5) Python Wheel py2.py3 2018-02-08 32KB
cornice-3.1.0.tar.gz (md5) Source 2018-02-08 25KB