b3cc73e832
Version 1.0.1 - Make the argument to ``RequestRedirect.get_response`` optional. - Only allow a single access control allow origin value. - Fix crash when trying to parse a non-existent Content Security Policy header. - ``http_date`` zero fills years < 1000 to always output four digits. - Fix missing local variables in interactive debugger console. - Fix passing file-like objects like ``io.BytesIO`` to ``FileStorage.save``. Version 1.0.0 - Drop support for Python 3.4. (:issue:`1478`) - Remove code that issued deprecation warnings in version 0.15. (:issue:`1477`) - Remove most top-level attributes provided by the ``werkzeug`` module in favor of direct imports. For example, instead of ``import werkzeug; werkzeug.url_quote``, do ``from werkzeug.urls import url_quote``. Install version 0.16 first to see deprecation warnings while upgrading. - Added ``utils.invalidate_cached_property()`` to invalidate cached properties. (:pr:`1474`) - Directive keys for the ``Set-Cookie`` response header are not ignored when parsing the ``Cookie`` request header. This allows cookies with names such as "expires" and "version". (:issue:`1495`) - Request cookies are parsed into a ``MultiDict`` to capture all values for cookies with the same key. ``cookies[key]`` returns the first value rather than the last. Use ``cookies.getlist(key)`` to get all values. ``parse_cookie`` also defaults to a ``MultiDict``. - Add ``charset=utf-8`` to an HTTP exception response's ``CONTENT_TYPE`` header. (:pr:`1526`) - The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. - The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". - The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:`1572`) - Issue a warning when the current server name does not match the configured server name. - A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. - :exc:`~exceptions.InternalServerError` has a ``original_exception`` attribute that frameworks can use to track the original cause of the error. - Headers are tested for equality independent of the header key case, such that ``X-Foo`` is the same as ``x-foo``. - :meth:`http.dump_cookie` accepts ``'None'`` as a value for ``samesite``. - :meth:`~test.Client.set_cookie` accepts a ``samesite`` argument. - Support the Content Security Policy header through the `Response.content_security_policy` data structure. - ``LanguageAccept`` will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. - ``MIMEAccept`` uses MIME parameters for specificity when matching. - If the development server is started with an ``SSLContext`` configured to verify client certificates, the certificate in PEM format will be available as ``environ["SSL_CLIENT_CERT"]``. - ``is_resource_modified`` will run for methods other than ``GET`` and ``HEAD``, rather than always returning ``False``. - ``SharedDataMiddleware`` returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. - Add a ``response.cache_control.immutable`` flag. Keep in mind that browser support for this ``Cache-Control`` header option is still experimental and may not be implemented. - Optional request log highlighting with the development server is handled by Click instead of termcolor. - Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. - ``FileStorage.save()`` supports ``pathlib`` and :pep:`519` ``PathLike`` objects. - The debugger security pin is unique in containers managed by Podman. - Building a URL when ``host_matching`` is enabled takes into account the current host when there are duplicate endpoints with different hosts. - The ``429 TooManyRequests`` and ``503 ServiceUnavailable`` HTTP exceptions takes a ``retry_after`` parameter to set the ``Retry-After`` header. - ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. - Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. - Add ``update``, ``setlist``, and ``setlistdefault`` methods to the ``Headers`` data structure. ``extend`` method can take ``MultiDict`` and kwargs. - The development server accepts paths that start with two slashes, rather than stripping off the first path segment. - Add access control (Cross Origin Request Sharing, CORS) header properties to the ``Request`` and ``Response`` wrappers. - ``Accept`` values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. - Added ``Map.lock_class`` attribute for alternative implementations. - Support matching and building WebSocket rules in the routing system, for use by async frameworks. - Range requests that span an entire file respond with 206 instead of 200, to be more compliant with :rfc:`7233`. This may help serving media to older browsers. - The :class:`~middleware.shared_data.SharedDataMiddleware` default ``fallback_mimetype`` is ``application/octet-stream``. If a filename looks like a text mimetype, the ``utf-8`` charset is added to it. This matches the behavior of :class:`~wrappers.BaseResponse` and Flask's ``send_file()``. |
||
---|---|---|
.. | ||
DESCR | ||
Makefile |