Skip to main content

The Pyramid Web Framework, a Pylons project

Project description

Pyramid

https://travis-ci.org/Pylons/pyramid.png?branch=1.7-branch Master Documentation Status Latest Documentation Status IRC Freenode

Pyramid is a small, fast, down-to-earth, open source Python web framework. It makes real-world web application development and deployment more fun, more predictable, and more productive.

Pyramid is produced by the Pylons Project.

Support and Documentation

See the Pylons Project website to view documentation, report bugs, and obtain support.

Developing and Contributing

See HACKING.txt and contributing.md for guidelines for running tests, adding features, coding style, and updating documentation when developing in or contributing to Pyramid.

License

Pyramid is offered under the BSD-derived Repoze Public License.

Authors

Pyramid is made available by Agendaless Consulting and a team of contributors.

1.7a1 (2016-04-16)

Backward Incompatibilities

  • Following the Pyramid deprecation period (1.4 -> 1.6), AuthTktAuthenticationPolicy’s default hashing algorithm is changing from md5 to sha512. If you are using the authentication policy and need to continue using md5, please explicitly set hashalg to ‘md5’.

    This change does mean that any existing auth tickets (and associated cookies) will no longer be valid, and users will no longer be logged in, and have to login to their accounts again.

    See https://github.com/Pylons/pyramid/pull/2496

  • The check_csrf_token function no longer validates a csrf token in the query string of a request. Only headers and request bodies are supported. See https://github.com/Pylons/pyramid/pull/2500

Features

  • Added a new setting, pyramid.require_default_csrf which may be used to turn on CSRF checks globally for every POST request in the application. This should be considered a good default for websites built on Pyramid. It is possible to opt-out of CSRF checks on a per-view basis by setting require_csrf=False on those views. See https://github.com/Pylons/pyramid/pull/2413

  • Added a require_csrf view option which will enforce CSRF checks on any request with an unsafe method as defined by RFC2616. If the CSRF check fails a BadCSRFToken exception will be raised and may be caught by exception views (the default response is a 400 Bad Request). This option should be used in place of the deprecated check_csrf view predicate which would normally result in unexpected 404 Not Found response to the client instead of a catchable exception. See https://github.com/Pylons/pyramid/pull/2413 and https://github.com/Pylons/pyramid/pull/2500

  • Added an additional CSRF validation that checks the origin/referrer of a request and makes sure it matches the current request.domain. This particular check is only active when accessing a site over HTTPS as otherwise browsers don’t always send the required information. If this additional CSRF validation fails a BadCSRFOrigin exception will be raised and may be caught by exception views (the default response is 400 Bad Request). Additional allowed origins may be configured by setting pyramid.csrf_trusted_origins to a list of domain names (with ports if on a non standard port) to allow. Subdomains are not allowed unless the domain name has been prefixed with a .. See https://github.com/Pylons/pyramid/pull/2501

  • Added a new pyramid.session.check_csrf_origin API for validating the origin or referrer headers against the request’s domain. See https://github.com/Pylons/pyramid/pull/2501

  • Pyramid HTTPExceptions will now take into account the best match for the clients Accept header, and depending on what is requested will return text/html, application/json or text/plain. The default for / is still text/html, but if application/json is explicitly mentioned it will now receive a valid JSON response. See https://github.com/Pylons/pyramid/pull/2489

  • A new event and interface (BeforeTraversal) has been introduced that will notify listeners before traversal starts in the router. See https://github.com/Pylons/pyramid/pull/2469 and https://github.com/Pylons/pyramid/pull/1876

  • Add a new “view deriver” concept to Pyramid to allow framework authors to inject elements into the standard Pyramid view pipeline and affect all views in an application. This is similar to a decorator except that it has access to options passed to config.add_view and can affect other stages of the pipeline such as the raw response from a view or prior to security checks. See https://github.com/Pylons/pyramid/pull/2021

  • Allow a leading = on the key of the request param predicate. For example, ‘=abc=1’ is equivalent down to request.params['=abc'] == '1'. See https://github.com/Pylons/pyramid/pull/1370

  • A new request.invoke_exception_view(...) method which can be used to invoke an exception view and get back a response. This is useful for rendering an exception view outside of the context of the excview tween where you may need more control over the request. See https://github.com/Pylons/pyramid/pull/2393

  • Allow using variable substitutions like %(LOGGING_LOGGER_ROOT_LEVEL)s for logging sections of the .ini file and populate these variables from the pserve command line – e.g.: pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG See https://github.com/Pylons/pyramid/pull/2399

Documentation Changes

  • A complete overhaul of the docs:

    • Use pip instead of easy_install.

    • Become opinionated by preferring Python 3.4 or greater to simplify installation of Python and its required packaging tools.

    • Use venv for the tool, and virtual environment for the thing created, instead of virtualenv.

    • Use py.test and pytest-cov instead of nose and coverage.

    • Further updates to the scaffolds as well as tutorials and their src files.

    See https://github.com/Pylons/pyramid/pull/2468

  • A complete overhaul of the alchemy scaffold as well as the Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features into the usage of SQLAlchemy with Pyramid and provide a better starting point for new projects. See https://github.com/Pylons/pyramid/pull/2024

Bug Fixes

  • Fix pserve --browser to use the --server-name instead of the app name when selecting a section to use. This was only working for people who had server and app sections with the same name, for example [app:main] and [server:main]. See https://github.com/Pylons/pyramid/pull/2292

Deprecations

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid-1.7a1.tar.gz (2.6 MB view hashes)

Uploaded Source

Built Distribution

pyramid-1.7a1-py2.py3-none-any.whl (636.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page