- 11 8月, 2023 5 次提交
-
-
由 Ben Darnell 提交于
Release notes for 6.3.3
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
httpserver_test: Add ExpectLog to fix CI
-
由 Ben Darnell 提交于
The github security advisory feature lets you make private PRs but it apparently doesn't support CI so this log failure wasn't caught until after the PR was merged.
-
由 Ben Darnell 提交于
http1connection: Make content-length parsing more strict
-
- 09 8月, 2023 3 次提交
-
-
由 Ben Darnell 提交于
Content-length and chunk size parsing now strictly matches the RFCs. We previously used the python int() function which accepted leading plus signs and internal underscores, which are not allowed by the HTTP RFCs (it also accepts minus signs, but these are less problematic in this context since they'd result in errors elsewhere) It is important to fix this because when combined with certain proxies, the lax parsing could result in a request smuggling vulnerability (if both Tornado and the proxy accepted an invalid content-length but interpreted it differently). This is known to occur with old versions of haproxy, although the current version of haproxy is unaffected.
-
由 Ben Darnell 提交于
web_test: Fix open redirect test on windows
-
由 Ben Darnell 提交于
Drive letters in windows absolute paths mess up this test, so remove them and use a path relative to the drive root instead.
-
- 07 8月, 2023 1 次提交
-
-
由 Ben Darnell 提交于
Fix syntax error in docstring
-
- 04 8月, 2023 1 次提交
-
-
由 Shinichi Hemmi 提交于
-
- 27 7月, 2023 10 次提交
-
-
由 Ben Darnell 提交于
Update mypy/typeshed, update a few types
-
由 Ben Darnell 提交于
This required a recent update to typeshed/mypy. Fixes #3093
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
Fixes a conflict between pip-tools and pip.
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
autoreload: Various updates
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
This flag terminates the autoreload loop after the first successful run. This makes it possible to cleanly shut down a process that is using "python -m tornado.autoreload" without printing a traceback. Fixes #2398
-
- 26 7月, 2023 2 次提交
-
-
由 Ben Darnell 提交于
build(deps): bump certifi from 2022.12.7 to 2023.7.22
-
由 dependabot[bot] 提交于
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2022.12.07...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: Ndependabot[bot] <support@github.com>
-
- 23 7月, 2023 5 次提交
-
-
由 Ben Darnell 提交于
A previous commit added support for using autoreload within programs that were started as directories; this commit supports them when run with the -m tornado.autoreload wrapper. This change may have side effects for file mode since we now use runpy.run_path instead of executing the file by hand (I don't think the run_path function existed when this code was originally written).
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
This will make it easier to add other options (for #2398)
-
由 Ben Darnell 提交于
Running a directory has some but not all of the behavior of running a module, including setting __spec__, so we must be careful not to break things by assuming that __spec__ means module mode. Fixes #2855
-
由 Ben Darnell 提交于
build(deps): bump pygments from 2.14.0 to 2.15.0
-
- 20 7月, 2023 1 次提交
-
-
由 dependabot[bot] 提交于
Bumps [pygments](https://github.com/pygments/pygments) from 2.14.0 to 2.15.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](https://github.com/pygments/pygments/compare/2.14.0...2.15.0) --- updated-dependencies: - dependency-name: pygments dependency-type: indirect ... Signed-off-by: Ndependabot[bot] <support@github.com>
-
- 08 7月, 2023 10 次提交
-
-
由 Ben Darnell 提交于
asyncio: Remove atexit hook
-
由 Ben Darnell 提交于
This hook was added because of an only-in-CI issue, but we have since improved our cleanup of the selector thread. As long as this passes CI, I think we can remove the atexit hook. Fixes #3291
-
由 Ben Darnell 提交于
auth: Various updates
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
-
由 Ben Darnell 提交于
Matches a change made to the Google auth mixin in a previous commit. Fixes #756
-
由 Ben Darnell 提交于
The read_stream scope was replaced with user_posts; this change was made to demos/facebook/facebook.py in #1674 but the corresponding comment was not updated. The offline_access scope has also been removed but seems irrelvant to this comment. Fixes #1566
-
由 Ben Darnell 提交于
Add some more detail to app registration docs. This was done mainly to verify that we don't need to introduce new parameters as requested in #2140 Closes #2140
-
由 Ben Darnell 提交于
It's unclear to what extent this class still works given Twitter's recent API changes. Deprecate it since I don't intend to track future changes here.
-
由 Ben Darnell 提交于
OAuth2Mixin.authorize_redirect has never used this argument and similar methods in this module don't have it. Closes #1122
-
- 22 6月, 2023 2 次提交
-
-
由 Ben Darnell 提交于
test: Add test for open redirect fixed in 6.3.2
-
由 Ben Darnell 提交于
-