Skip to content

Commit

Permalink
changelog for Pylons#2518
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmerickel @stevepiercy
mmerickel authored and stevepiercy committed May 8, 2016
1 parent 54dd5fe commit 441a26a
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions CHANGES.txt
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,15 @@
unreleased
==========

- The automatic CSRF API was reworked to use a config directive for
setting the options. The ``pyramid.require_default_csrf`` setting is
no longer supported. Instead, a new ``config.set_default_csrf_options``
directive has been introduced that allows the developer to specify
the default value for ``require_csrf`` as well as change the CSRF token,
header and safe request methods. The ``pyramid.csrf_trusted_origins``
setting is still supported.
See https://github.com/Pylons/pyramid/pull/2518

- Automatic CSRF checks are now disabled by default on exception views. They
can be turned back on by setting the appropriate `require_csrf` option on
the view.
Expand Down

0 comments on commit 441a26a

Please sign in to comment.