1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
Unreleased
----------
Bugfix
~~~~~~
- Decoding deflate-encoded responses now supports data which is packed in
a zlib container as it is supposed to be. The old, non-standard behaviour
is still supported.
See https://github.com/Pylons/webob/pull/426
1.8.6 (2020-01-21)
------------------
Experimental Features
~~~~~~~~~~~~~~~~~~~~~
- The SameSite value now includes a new option named "None", this is a new
change that was introduced in
https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
Please be aware that older clients are incompatible with this change:
https://www.chromium.org/updates/same-site/incompatible-clients, WebOb does
not enable SameSite on cookies by default, so there is no backwards
incompatible change here.
See https://github.com/Pylons/webob/issues/406
- Validation of SameSite values can be disabled by toggling a module flag. This
is in anticipation of future changes in evolving cookie standards.
The discussion in https://github.com/Pylons/webob/pull/407 (which initially
expanded the allowed options) notes the sudden change to browser cookie
implementation details may happen again.
In May 2019, Google announced a new model for privacy controls in their
browsers, which affected the list of valid options for the SameSite attribute
of cookies. In late 2019, the company began to roll out these changes to their
browsers to force developer adoption of the new specification.
See https://www.chromium.org/updates/same-site and
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html for more
details on this change.
See https://github.com/Pylons/webob/pull/409
1.8.5 (2019-01-03)
------------------
Warnings
~~~~~~~~
- Fixed one last remaining invalid escape sequence in a docstring.
1.8.4 (2018-11-11)
------------------
Bugfix
~~~~~~
- Response.content_type now accepts unicode strings on Python 2 and encodes
them to latin-1. See https://github.com/Pylons/webob/pull/389 and
https://github.com/Pylons/webob/issues/388
- Accept header classes now support a .copy() function that may be used to
create a copy. This allows ``create_accept_header`` and other like functions
to accept an pre-existing Accept header. See
https://github.com/Pylons/webob/pull/386 and
https://github.com/Pylons/webob/issues/385
Warnings
~~~~~~~~
- Some backslashes introduced with the new accept handling code were causing
DeprecationWarnings upon compiling the source to pyc files, all of the
backslashes have been reigned in as appropriate, and users should no longer
see DeprecationWarnings for invalid escape sequence. See
https://github.com/Pylons/webob/issues/384
1.8.3 (2018-10-14)
------------------
Bugfix
~~~~~~
- ``acceptparse.AcceptValidHeader``, ``acceptparse.AcceptInvalidHeader``, and
``acceptparse.AcceptNoHeader`` will now always ignore offers that do not
match the required media type grammar when calling ``.acceptable_offers()``.
Previous versions raised a ``ValueError`` for invalid offers in
``AcceptValidHeader`` and returned them as acceptable in the others.
See https://github.com/Pylons/webob/pull/372
Feature
~~~~~~~
- Add Request.remote_host, exposing REMOTE_HOST environment variable.
- Added ``acceptparse.Accept.parse_offer`` to codify what types of offers
are compatible with ``acceptparse.AcceptValidHeader.acceptable_offers``,
``acceptparse.AcceptMissingHeader.acceptable_offers``, and
``acceptparse.AcceptInvalidHeader.acceptable_offers``. This API also
normalizes the offer with lowercased type/subtype and parameter names.
See https://github.com/Pylons/webob/pull/376 and
https://github.com/Pylons/webob/pull/379
1.8.2 (2018-06-05)
------------------
Bugfix
~~~~~~
- SameSite may now be passed as str or bytes to `Response.set_cookie` and
`cookies.make_cookie`. This was an oversight as all other arguments would be
correctly coerced before being serialized. See
https://github.com/Pylons/webob/issues/361 and
https://github.com/Pylons/webob/pull/362
1.8.1 (2018-04-10)
------------------
Bugfix
~~~~~~
- acceptparse.MIMEAccept which is deprecated in WebOb 1.8.0 made a backwards
incompatible change that led to it raising on an invalid Accept header. This
behaviour has now been reversed, as well as some other fixes to allow
MIMEAccept to behave more like the old version. See
https://github.com/Pylons/webob/pull/356
1.8.0 (2018-04-04)
------------------
Feature
~~~~~~~
- ``request.POST`` now supports any requests with the appropriate
Content-Type. Allowing any HTTP method to access form encoded content,
including DELETE, PUT, and others. See
https://github.com/Pylons/webob/pull/352
Compatibility
~~~~~~~~~~~~~
- WebOb is no longer officially supported on Python 3.3 which was EOL'ed on
2017-09-29.
Backwards Incompatibilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Many changes have been made to the way WebOb does Accept handling, not just
for the Accept header itself, but also for Accept-Charset, Accept-Encoding
and Accept-Language. This was a `Google Summer of Code
<https://developers.google.com/open-source/gsoc/>`_ project completed by
Whiteroses (https://github.com/whiteroses). Many thanks to Google for running
GSoC, the Python Software Foundation for organising and a huge thanks to Ira
for completing the work. See https://github.com/Pylons/webob/pull/338 and
https://github.com/Pylons/webob/pull/335. Documentation is available at
https://docs.pylonsproject.org/projects/webob/en/master/api/webob.html
- When calling a ``@wsgify`` decorated function, the default arguments passed
to ``@wsgify`` are now used when called with the request, and not as a
`start_response`
.. code::
def hello(req, name):
return "Hello, %s!" % name
app = wsgify(hello, args=("Fred",))
req = Request.blank('/')
resp = req.get_response(app) # => "Hello, Fred"
resp2 = app(req) # => "Hello, Fred"
Previously the ``resp2`` line would have failed with a ``TypeError``. With
this change there is no way to override the default arguments with no
arguments. See https://github.com/Pylons/webob/pull/203
- When setting ``app_iter`` on a ``Response`` object the ``content_md5`` header
is no longer cleared. This behaviour is odd and disallows setting the
``content_md5`` and then returning an iterator for chunked content encoded
responses. See https://github.com/Pylons/webob/issues/86
Experimental Features
~~~~~~~~~~~~~~~~~~~~~
These features are experimental and may change at any point in the future.
- The cookie APIs now have the ability to set the SameSite attribute on a
cookie in both ``webob.cookies.make_cookie`` and
``webob.cookies.CookieProfile``. See https://github.com/Pylons/webob/pull/255
Bugfix
~~~~~~
- Exceptions now use string.Template.safe_substitute rather than
string.Template.substitute. The latter would raise for missing mappings, the
former will simply not substitute the missing variable. This is safer in case
the WSGI environ does not contain the keys necessary for the body template.
See https://github.com/Pylons/webob/issues/345.
- Request.host_url, Request.host_port, Request.domain correctly parse IPv6 Host
headers as provided by a browser. See
https://github.com/Pylons/webob/pull/332
- Request.authorization would raise ValueError for unusual or malformed header
values. See https://github.com/Pylons/webob/issues/231
- Allow unnamed fields in form data to be properly transcoded when calling
request.decode with an alternate encoding. See
https://github.com/Pylons/webob/pull/309
- ``Response.__init__`` would discard ``app_iter`` when a ``Response`` had no
body, this would cause issues when ``app_iter`` was an object that was tied
to the life-cycle of a web application and had to be properly closed.
``app_iter`` is more advanced API for ``Response`` and thus even if it
contains a body and is thus against the HTTP RFC's, we should let the users
shoot themselves by returning a body. See
https://github.com/Pylons/webob/issues/305
|
