From: Ben Darnell Date: Sat, 24 Oct 2015 17:18:37 +0000 (-0400) Subject: Update tests and docs for recent changes X-Git-Tag: v4.3.0b2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64c0f06d681b4885ce0f78a04ed24b91a7f68b4e;p=thirdparty%2Ftornado.git Update tests and docs for recent changes --- diff --git a/docs/releases/next.rst b/docs/releases/next.rst index 10e37e1fe..70655412e 100644 --- a/docs/releases/next.rst +++ b/docs/releases/next.rst @@ -34,6 +34,7 @@ Installation 3.5. These dependencies will be installed automatically when installing with ``pip`` or ``setup.py install``. These dependencies will not be required when running on Google App Engine. +* Binary wheels are provided for Python 3.5 on Windows (32 and 64 bit). `tornado.auth` ~~~~~~~~~~~~~~ @@ -72,6 +73,12 @@ Installation * `tornado.httpclient.HTTPError` is now copyable with the `copy` module. +`tornado.httpserver` +~~~~~~~~~~~~~~~~~~~~ + +* Requests containing both ``Content-Length`` and ``Transfer-Encoding`` + will be treated as an error. + `tornado.httputil` ~~~~~~~~~~~~~~~~~~ @@ -145,6 +152,8 @@ Installation * When following redirects, ``streaming_callback`` and ``header_callback`` will no longer be run on the redirect responses (only the final non-redirect). +* Responses containing both ``Content-Length`` and ``Transfer-Encoding`` + will be treated as an error. `tornado.template` ~~~~~~~~~~~~~~~~~~ @@ -179,6 +188,10 @@ Installation * `tornado.web.HTTPError` is now copyable with the `copy` module. * The exception `.Finish` now accepts an argument which will be passed to the method `.RequestHandler.finish`. +* New `.Application` setting ``xsrf_cookie_kwargs`` can be used to set + additional attributes such as ``secure`` or ``httponly`` on the + XSRF cookie. +* `.Application.listen` now returns the `.HTTPServer` it created. `tornado.websocket` ~~~~~~~~~~~~~~~~~~~ diff --git a/docs/web.rst b/docs/web.rst index e9bd6e1e0..a204e9d0e 100644 --- a/docs/web.rst +++ b/docs/web.rst @@ -201,6 +201,9 @@ version), but may be set to a lower value temporarily during version transitions. New in Tornado 3.2.2, which introduced XSRF cookie version 2. + * ``xsrf_cookie_kwargs``: May be set to a dictionary of + additional arguments to be passed to `.RequestHandler.set_cookie` + for the XSRF cookie. * ``twitter_consumer_key``, ``twitter_consumer_secret``, ``friendfeed_consumer_key``, ``friendfeed_consumer_secret``, ``google_consumer_key``, ``google_consumer_secret``, diff --git a/tornado/test/web_test.py b/tornado/test/web_test.py index a734a40e3..3ad70153f 100644 --- a/tornado/test/web_test.py +++ b/tornado/test/web_test.py @@ -9,7 +9,7 @@ from tornado import locale from tornado.log import app_log, gen_log from tornado.simple_httpclient import SimpleAsyncHTTPClient from tornado.template import DictLoader -from tornado.testing import AsyncHTTPTestCase, ExpectLog, gen_test +from tornado.testing import AsyncHTTPTestCase, AsyncTestCase, ExpectLog, gen_test from tornado.test.util import unittest, skipBefore35, exec_test from tornado.util import u, ObjectDict, unicode_type, timedelta_to_seconds from tornado.web import RequestHandler, authenticated, Application, asynchronous, url, HTTPError, StaticFileHandler, _create_signature_v1, create_signed_value, decode_signed_value, ErrorHandler, UIModule, MissingArgumentError, stream_request_body, Finish, removeslash, addslash, RedirectHandler as WebRedirectHandler, get_signature_key_version, GZipContentEncoding @@ -2595,6 +2595,21 @@ class XSRFTest(SimpleHandlerTestCase): self.assertEqual(response.code, 200) +@wsgi_safe +class XSRFCookieKwargsTest(SimpleHandlerTestCase): + class Handler(RequestHandler): + def get(self): + self.write(self.xsrf_token) + + def get_app_kwargs(self): + return dict(xsrf_cookies=True, + xsrf_cookie_kwargs=dict(httponly=True)) + + def test_xsrf_httponly(self): + response = self.fetch("/") + self.assertIn('HttpOnly;', response.headers['Set-Cookie']) + + @wsgi_safe class FinishExceptionTest(SimpleHandlerTestCase): class Handler(RequestHandler): @@ -2741,3 +2756,10 @@ class HTTPErrorTest(unittest.TestCase): self.assertIsNot(e, e2) self.assertEqual(e.status_code, e2.status_code) self.assertEqual(e.reason, e2.reason) + + +class ApplicationTest(AsyncTestCase): + def test_listen(self): + app = Application([]) + server = app.listen(0) + server.stop() diff --git a/tornado/web.py b/tornado/web.py index 1402bb4b5..42f41e19b 100644 --- a/tornado/web.py +++ b/tornado/web.py @@ -1143,6 +1143,14 @@ class RequestHandler(object): cookies will be converted to version 2 when this method is called unless the ``xsrf_cookie_version`` `Application` setting is set to 1. + + .. versionchanged:: 4.3 + The ``xsrf_cookie_kwargs`` `Application` setting may be + used to supply additional cookie options (which will be + passed directly to `set_cookie`). For example, + ``xsrf_cookie_kwargs=dict(httponly=True, secure=True)`` + will set the ``secure`` and ``httponly`` flags on the + ``_xsrf`` cookie. """ if not hasattr(self, "_xsrf_token"): version, token, timestamp = self._get_raw_xsrf_token() @@ -1806,6 +1814,11 @@ class Application(httputil.HTTPServerConnectionDelegate): Note that after calling this method you still need to call ``IOLoop.current().start()`` to start the server. + + Returns the `.HTTPServer` object. + + .. versionchanged:: 4.3 + Now returns the `.HTTPServer` object. """ # import is here rather than top level because HTTPServer # is not importable on appengine