CHANGES.txt

#########
CHANGELOG
#########

3.2.0 (unreleased)
==================

- Nothing changed yet.


3.1.0 (2018-02-08)
==================

- In addition to the ``colander_body_validator``, there are now three more similar validators:
  ``colander_headers_validator``, ``colander_path_validator``, and
  ``colander_querystring_validator``.
- six is now a required dependency.


3.0.0 (2017-10-20)
==================

**Breaking changes**

 Please refer to `upgrading docs <https://cornice.readthedocs.io/en/stable/upgrading.html>`_ for detailed migration instructions.

- ``acl`` and ``traverse`` parameters are not supported anymore on services
- Constructors of resource decorated classed must now be ``__init__(self, request, context=None)``

**Enhancements**

- Align Cornice with Pyramid ACL pattern: Dynamic ACLs based
  on resource are now possible (#452, thanks @wjehenddher)

**Bug fixes**

- Disable CSRF check on predicate fallback view (fixes #458)
- Fix to use own validator for Header Accept (fixes #431)


2.4.0 (2017-01-19)
==================

**Enhancements**

- Add support for arrays on request body top level.


2.3.0 (2016-12-15)
==================

**Enhancements**

- Add support for validation with specific JSON Content-Types
  (i.e application/merge-patch+json).
- Add ``X-Content-Type-Options: nosniff`` headers to responses (fixes #102)
- Add a ``request.current_service`` attribute (fixes #105)

**Bug fixes**

- Fix ``cornice.cors.get_cors_preflight_view`` to make it parse
  `Access-Control-Request-Headers` header correctly event if its value
  contains zero number of white spaces between commas (#422)

**Internal changes**

- Clean-up an inconsistency in ``cornice.service.decorate_view()`` function
  where ``acl`` and ``factory`` were expected as view arguments (whereas
  deprecated since 1.0)


2.2.0 (2016-11-25)
==================

**Enhancements**

- Add support of custom predicates in resources (#344, thanks @VDigitall!)

**Internal changes**

- Assert proper behaviour of UTF-8 content JSON body (#366, thanks @thruflo!)


2.1.0 (2016-10-28)
==================

**Enhancements**

- ``Cornice.validators.colander_validator`` and
  ``cornice.validators.colander_body_validator`` now accept colander
  schema node instances.  Previously only schema classes were
  accepted.  For some discussion see #412.

**Deprecations**

- Passing schema classes to ``Cornice.validators.colander_validator`` and
  ``cornice.validators.colander_body_validator`` is now deprecated.
  (See above.)

**Bug fixes**

- To maintain consistency with cornice 1.2 as to the semantics of
  ``location='path'``, change ``cornice.validators.extract_cstruct``
  so that it places ``request.matchdict`` (rather than
  ``request.path``) into ``cstruct['path']``. (#411)

- Fix ``cornice.validators.colander_validator`` so that it does
  nothing if ``schema`` is unset (or set to ``None``.)  Previously
  (contrary to its docstring) it was raising a ``TypeError``.

**Internal changes**

- Raised test coverage to 100% (#417)

Huge thanks to @dairiki for his help on this release!


2.0.2 (2016-10-25)
==================

**Bug fixes**

* Exclude ``tests`` from install (#407, thanks @doctaweeks!)

**Internal changes**

- Deprecate ``cornice.util.extract_json_data()`` and ``cornice.util.extract_form_urlencoded_data()``
  in favor of ``cornice.validators.extract_cstruct()`` (#409)

2.0.1 (2016-10-24)
==================

**Bug fixes**

- Fix Colander imports to make sure it remains optional (#400)
- Fix truncated JSON validation error message when request body does not contain
  valid JSON (#401)
- Fix docs about upgrading deserializers (#402)


2.0.0 (2016-10-20)
==================

**Breaking changes**

 Please refer to `upgrading docs <https://cornice.readthedocs.io/en/stable/upgrading.html>`_ for detailed migration instructions.

- Dropped Python 2.6 support (#368)
- Got rid of Buildout files (#369)
- Got rid of Spore extension (#379)
- Moved Sphinx extension to dedicated repo (#379)
- Moved project scaffold to dedicated repo (#238, #390)
- Completely rework the schema validation features (#376, #386)
- Moved examples to dedicated repo (#392)
- Custom ``error_handler`` now receives the request instead of errors (#381)
- Errors list ``request.errors`` has no ``request`` anymore (#372, #378)
- ``request.errors.add()`` now only accepts one of ``header``, ``body``, ``url``,
  ``path``, ``querystring``, ``cookies`` or ``method`` as first argument (#374)
- Remove deprecated features (#382)

**Internal changes**

- Take ``__version__`` from setup.py (#358)
- Remove duplicated list of test deps in tox file (#371)


1.2.1 (2016-03-15)
==================

Bug fixes

- Properly handle content_type callables returning a single internet media type
  as scalar. Thanks @amotl (#343)
- Do not raise a 415 error when no content-type and no body (#354)

Documentation

- Improve documentation regarding content type negotiation and media type
  validation. Thanks @amotl (#91, #343, #350)
- Fix typo in testing docs. Thanks peletiah (#348)
- Clarify docs for deferred colander validator. Thanks @antoineleclair (#352)


1.2.0 (2016-01-18)
==================

- Adding the ability to define services imperatively. (#335)
- Clean cornice/statics/ files. (#345)

Bug fixes

- Convert ``None`` to ``colander.null``  before calling colander's ``deserialize`` function. (#342)
- Allow i18n of colander error messages (#206)


1.1.0 (2015-09-29)
==================

- Warn if resource collection and record paths are not distinct. Thanks
  @circlingthesun (#292)

Bug fixes

- Fix duplicated CORS exposed headers (#301)
- Fix setup.py in template. Thanks @areski (#296)
- Make resource test less dependent on Pyramid version (#312)
- Fix reload in sphinx extension for Python 3. Thanks @JohnBrodie (#295)
- Fix usage of Colander ``schema_type()`` and ``schema.typ``. Thanks
  @tisdall (#309)
- Fix check for CORS Allow Credentials. Thanks @treerao (#320)
- Fix Access-Control-Max-Age value if undefined on service (#338)

Documentation

- Fix typos in documentation. Thanks @robvdl, @tisdall (#306, #313)
- Rewrite quickstart documentation (#305)
- Huge set of documentation improvements. Thanks @areski (#297)


1.0.0 (2015-04-15)
==================

Breaking changes:

- ACLs are now handled per route and not per view. Thanks @circlingthesun
  (#287)

Other changes:

- Display default values in the sphinx documentation extension, Thanks
  @MikaYuoadas (#284)
- Add an option to disable Colander schema request binding. (#288)


0.20.0 (2015-03-17)
===================

- Service.cors_supported_headers are now filtered by method and CORS options
  are now handled in a more consistent way (#281).

0.19.0 (2015-03-02)
===================

- Keep fields when colander schema set "unknown=preserve"


0.18.1 (2015-02-26)
===================

- Fix CORS protocol that was sometimes returning
  Access-Control-Expose-Headers on preflight request.


0.18 - 2015-02-24
=================

- Fix CORS OPTIONS permission when using default_permission (#273)
- Ensure Colander schemas are a Mapping (#271)
- Use the tox matrix with Travis. (#272)
- Improve Sphinx documentation for schema attributes (#270)
- Set CORS headers when an exception is raised (#261)
- Remove Cornice warning when returning string or array instead of JSON (#256)
- Fix add_view decorator (#215)
- Handle per view permissions (#248)
- Handle CORS credentials origin (#263)
- Let the user choose the default content_type (#262)
- Fix spore documentation (#255)
- Handle default values in colander schemas (#253)


0.17 - 2014-08-28
=================

- Use a string for the version number (cornice.__version__);
- Fix handling of invalid JSON input;
- Fix pyramid configurator route_prefix;
- Fix CORS behavior when using "*";
- Support strict validation of querystring and body;
- Add support for unflatted in querystring;
- If colander defines a default value, put it in request.validated;
- Do not require a permission for the fallback view.


0.16.1 - 2013-11-12
===================

- Added the license in the distribution tarball
- Updated the license headers of the files (to MPL v2.0)


0.16 - 2013-11-12
=================

- Added venusion depth support to cornice.resource #187
- Add support for validation of input content other than JSON against Colander
  schemas: built-in support of form-urlencoded and configuration hooks for
  other content types #192
- Add support for pyramid traversal. #196
- bugfix: schema was only being bound to the first request #197
- bugfix: can now pass the `decorator` add_view parameter to the Service class #198


0.15 - 2013-10-09
=================

- Add support for dynamic validation schemas for resources.
- Add support for context factory.
- Manually commit configuration changes.
- Add support for Colander's drop object
- Update sphinxext to not display HEAD.
- Allow for explicitely named services created for resources.
- Raise exceptions as-is if they are not subclasses of HTTPException.
- Add a way to opt-out of the exception handling.


0.14 - 2013-06-06
=================

- Add validation of the ``Content-Type`` header sent in requests against a list of allowed ingress content types
- Handle HTTPNotFound and HTTPForbidden in Cornice. Fix some wrong behaviour with CORS support.
- implement "415 Unsupported Media Type"
- Allow Colander schemas with sequence fields in querystring
- Remove PasteScript from the Cornice template.
- Support imperative colander schemas
- Update JSON CSRF warning filter with a better regex


0.13 - 2013-02-12
=================

- Added Cross-Origin Resource Sharing (CORS) support.


0.12 - 2012-11-21
=================

- Fix auto-define of HEAD views from GET views.
- Support for Colander inheritance (introduced in new versions of Colander)
- Check for errors in the body of the view and in validators (was only checking
  in validators previously)
- Add a __version__ utility in cornice/__init__.py


0.11 - 2012-10-22
=================

- the sphinx extension is now provided by the `cornice.ext.sphinxext` module [not backward-compatible]
- Add support for SPORE
- add an optional 'error_handler' to view declarations.
- Services.default_{validators, filters} is now used. (Fix #75)


0.10 - 2012-08-29
=================

- use pcreate rather than paster create.
- make it possible to add custom values to errors.


0.9 - 2012-07-26
================

- default schema values are assumed to be in the body
- refactored the internal APIs so we are not using decorators anymore. The
  service definition is now separated from the service registration in the
  routing mechanism.
- added class-level validators and filters
- added documentation about cornice internals
- deprecated the service.schema attribute. Use service.definitions instead.


0.8 - 2012-04-06
================

- added support for the 'OPTIONS' HTTP Verb
- allow multiple accept definitions for a service.
- get validator's docstring for the automatic doc generation
- fixed non-ascii documentation problems
- add a way to ignore some modules when scanning with venusian.scan.


0.7 - 2012-03-12
================

- update license to MPL 2.0.
- renamed cornice.schemas to cornice.errors
- Added `get_view_wrapper` method to Service class to support subclasses
  wrapping the view callables w/ decorators
- added buildout support
- added class-based views and the resource decorator
- make sure we use Pyramid's exceptions. Not Webob's.
- added filters support
- added schema support
- added json xsrf support
- now errors status can be different from 400.


0.6 - 2011-12-21
================

- various fixes in MANIFEST


0.5 - 2011-12-21
================

- added a tutorial
- stacked @api decorator are now allowed
- added a Paster template for a quick start


0.4 - 2011-12-07
================

- Added a way to plug validators easily.
- Fixed documentation
- Added a way to automatically document Cornice web services
- Fixed license
- Added a way to specify the accepted Content-Type values. A 406 is raised if
  needed


0.3 - 2011-11-23
================

- remove singleton "_defined" state from Service class; this allows service
  definitions to be loaded into more than one Configurator.


0.2 - 2011-11-05
================

- Fixed the MANIFEST


0.1 - 2011-11-03
================

- Initial release