skip to navigation
skip to content

pyramid 1.9.1

The Pyramid Web Framework, a Pylons project


Pyramid is a small, fast, down-to-earth, open source Python web framework. It makes real-world web application development and deployment more fun, more predictable, and more productive.

from wsgiref.simple_server import make_server
from pyramid.config import Configurator
from pyramid.response import Response

def hello_world(request):
    return Response('Hello %(name)s!' % request.matchdict)

if __name__ == '__main__':
    with Configurator() as config:
        config.add_route('hello', '/hello/{name}')
        config.add_view(hello_world, route_name='hello')
        app = config.make_wsgi_app()
    server = make_server('', 8080, app)

Pyramid is a project of the Pylons Project.

Support and Documentation

See Pyramid Support and Development for documentation, reporting bugs, and getting support.

Developing and Contributing

See HACKING.txt and for guidelines on running tests, adding features, coding style, and updating documentation when developing in or contributing to Pyramid.


Pyramid is offered under the BSD-derived Repoze Public License.


Pyramid is made available by Agendaless Consulting and a team of contributors.

1.9.1 (2017-07-13)

  • Add a _depth and _category arguments to all of the venusian decorators. The _category argument can be used to affect which actions are registered when performing a config.scan(..., category=...) with a specific category. The _depth argument should be used when wrapping the decorator in your own. This change affects pyramid.view.view_config, pyramid.view.exception_view_config, pyramid.view.forbidden_view_config, pyramid.view.notfound_view_config, and pyramid.response.response_adapter decorators. See and
  • Fix a circular import which made it impossible to import pyramid.viewderivers before pyramid.config. See
  • Improve documentation to show the pyramid.config.Configurator being used as a context manager in more places. See

1.9 (2017-06-26)

  • No major changes from 1.9b1.
  • Updated documentation links for to use HTTPS.

1.9b1 (2017-06-19)

1.9a2 (2017-05-09)

Backward Incompatibilities

  • request.exception and request.exc_info will only be set if the response was generated by the EXCVIEW tween. This is to avoid any confusion where a response was generated elsewhere in the pipeline and not in direct relation to the original exception. If anyone upstream wants to catch and render responses for exceptions they should set request.exception and request.exc_info themselves to indicate the exception that was squashed when generating the response.

    Similar behavior occurs with request.invoke_exception_view in which the exception properties are set to reflect the exception if a response is successfully generated by the method.

    This is a very minor incompatibility. Most tweens right now would give priority to the raised exception and ignore request.exception. This change just improves and clarifies that bookkeeping by trying to be more clear about the relationship between the response and its squashed exception. See and

1.9a1 (2017-05-01)

Major Features

  • The file format used by all p* command line scripts such as pserve and pshell, as well as the pyramid.paster.bootstrap function is now replaceable thanks to a new dependency on plaster.

    For now, Pyramid is still shipping with integrated support for the PasteDeploy INI format by depending on the plaster_pastedeploy binding library. This may change in the future.


  • Added an execution policy hook to the request pipeline. An execution policy has the ability to control creation and execution of the request objects before they enter the rest of the pipeline. This means for a single request environ the policy may create more than one request object.

    The first library to use this feature is pyramid_retry.


  • CSRF support has been refactored out of sessions and into its own independent API in the pyramid.csrf module. It supports a pluggable pyramid.interfaces.ICSRFStoragePolicy which can be used to define your own mechanism for generating and validating CSRF tokens. By default, Pyramid continues to use the pyramid.csrf.LegacySessionCSRFStoragePolicy that uses the request.session.get_csrf_token and request.session.new_csrf_token APIs under the hood to preserve compatibility. Two new policies are shipped as well, pyramid.csrf.SessionCSRFStoragePolicy and pyramid.csrf.CookieCSRFStoragePolicy which will store the CSRF tokens in the session and in a standalone cookie, respectively. The storage policy can be changed by using the new pyramid.config.Configurator.set_csrf_storage_policy config directive.

    CSRF tokens should be used via the new pyramid.csrf.get_csrf_token, pyramid.csrf.new_csrf_token and pyramid.csrf.check_csrf_token APIs in order to continue working if the storage policy is changed. Also, the pyramid.csrf.get_csrf_token function is injected into templates to be used conveniently in UI code.

    See and

Minor Features

  • Support an open_url config setting in the pserve section of the config file. This url is used to open a web browser when pserve --browser is invoked. When this setting is unavailable the pserve script will attempt to guess the port the server is using from the server:<server_name> section of the config file but there is no requirement that the server is being run in this format so it may fail. See
  • The pyramid.config.Configurator can now be used as a context manager which will automatically push/pop threadlocals (similar to config.begin() and config.end()). It will also automatically perform a config.commit() and thus it is only recommended to be used at the top-level of your app. See
  • The threadlocals are now available inside any function invoked via config.include. This means the only config-time code that cannot rely on threadlocals is code executed from non-actions inside the main. This can be alleviated by invoking config.begin() and config.end() appropriately or using the new context manager feature of the configurator. See

Bug Fixes

  • HTTPException’s accepts a detail kwarg that may be used to pass additional details to the exception. You may now pass objects so long as they have a valid __str__ method. See
  • Fix a reference cycle causing memory leaks in which the registry would keep a Configurator instance alive even after the configurator was discarded. Another fix was also added for the global_registries object in which the registry was stored in a closure preventing it from being deallocated. See
  • Fix a bug directly invoking pyramid.scripts.pserve.main with the --reload option in which sys.argv is always used in the subprocess instead of the supplied argv. See


  • Pyramid currently depends on plaster_pastedeploy to simplify the transition to plaster by maintaining integrated support for INI files. This dependency on plaster_pastedeploy should be considered subject to Pyramid’s deprecation policy and may be removed in the future. Applications should depend on the appropriate plaster binding to satisfy their needs.

  • Retrieving CSRF token from the session has been deprecated in favor of equivalent methods in the pyramid.csrf module. The CSRF methods (ISession.get_csrf_token and ISession.new_csrf_token) are no longer required on the ISession interface except when using the default pyramid.csrf.LegacySessionCSRFStoragePolicy.

    Also, pyramid.session.check_csrf_token is now located at pyramid.csrf.check_csrf_token.

    See and

Documentation Changes

File Type Py Version Uploaded on Size
pyramid-1.9.1-py2.py3-none-any.whl (md5, pgp) Python Wheel py2.py3 2017-07-14 569KB
pyramid-1.9.1.tar.gz (md5, pgp) Source 2017-07-14 2MB