cornice 6.0.0

Define Web Services in Pyramid.

Cornice provides helpers to build & document Web Services with Pyramid.

The full documentation is available at: https://cornice.readthedocs.io

CHANGELOG

6.0.0 (2021-09-29)

Breaking changes

• Drop support of Marshmallow < 3

New features

• Add cornice.always_cors setting to force CORS headers in responses when services origins is *.

Bug fixes

• Correctly determine service with pyramid route to ensure filters are applied and apply_cors_post_request is called

5.2.0 (2021-04-06)

Internal Changes

• Support of Pyramid 2 (fixes #555)

5.1.0 (2021-02-18)

New features

• Make services with pyramid routes accessible by current_service utility method (refs #550)
• Update the generated service to look like the resource it is wrapping (#544)

Internal Changes

• Switch to Github Actions

5.0.3 (2020-08-31)

Bug fixes

• Fix missing body, headers, path, querystring when using *_validator Colander validators (#545)

Internal Changes

• Replaced mock by standard unittest.mock
• Replaced Nose test runner by pytest

5.0.2 (2020-08-12)

• Rename default renderer from cornice to cornicejson (#543)

5.0.1 (2020-05-25)

• Add setuptools python_requires check

5.0.0 (2020-05-19)

Breaking Changes

• Drop Python 2 support
• The default JSON renderer does not use simplejson.dumps() by default anymore, so the requirement has been dropped.

Please refer to upgrading docs for detailed migration instructions.

4.0.1 (2019-12-02)

Bug fixes

• Fix support of schema as class instead of instance (#523)

4.0.0 (2019-12-02)

Breaking changes

• Check for MappingSchema instance in colander_*_validator (#503)

Bug fixes

• Fix updating request.validated dict in colander_*_validator (#503)

3.6.1 (2019-11-13)

• Do not return content if response is 204 No Content (fixes #521)

3.6.0 (2019-07-24)

• Add validation support for multipart/form-data (#510)

3.5.1 (2019-01-24)

• Fix usage of localizer in Errors when l18n is deactivated. (#505)

3.5.0 (2019-01-15)

• Translate Error description field when added with request.errors.add() (#502)

3.4.4 (2018-12-12)

Internal changes

• Remove remaining usage of deprecated .best_match()

3.4.3 (2018-11-30)

Internal changes

• Remove usage of deprecated .best_match() (thanks @abk-code)

3.4.2 (2018-10-24)

Internal changes

• Fix DeprecationWarning for unrecognized backslash escapes (#491)

3.4.1 (2018-10-08)

Bug fixes

• support both marshmallow 2.x and 3.x unknown key handling (@ergo, #495)

Internal changes

• Enable support for Python 3.7
• cornice.errors and validation tests now use the builtin json module instead of simplejson (@okin, #494)
• Cleanup tests (@karantan, #488)

3.4.0 (2018-04-12)

• Add traverse support. For more information regarding Hybrid Applications see Pyramid documentation (#483).

3.3.0 (2018-04-11)

• Cornice now accepts Marshmallow schemas instead of instances (#482, @ergo)
• Marshmallow schemas get request object added to their context during validation (#482, @ergo)

3.2.0 (2018-04-03)

New features

• Add marshmallow request validation support (#475, thanks @ergo)
• Allow to reuse Pyramid existing routes in services (#477, thanks @ergo)

Documentation

• Make tutorial work for python3 users (#471, thanks @rvandegrift)

Internal changes

• Remove configuration commit (#476, thanks @ergo)
• Remove mentions of text/json in tests and docs (#478, thanks @wjehenddher)

3.1.0 (2018-02-08)

• In addition to the colander_body_validator, there are now three more similar validators: colander_headers_validator, colander_path_validator, and colander_querystring_validator.
• six is now a required dependency.

3.0.0 (2017-10-20)

Breaking changes

Please refer to upgrading docs for detailed migration instructions.

• acl and traverse parameters are not supported anymore on services
• Constructors of resource decorated classed must now be __init__(self, request, context=None)

Enhancements

• Align Cornice with Pyramid ACL pattern: Dynamic ACLs based on resource are now possible (#452, thanks @wjehenddher)

Bug fixes

• Disable CSRF check on predicate fallback view (fixes #458)
• Fix to use own validator for Header Accept (fixes #431)

2.4.0 (2017-01-19)

Enhancements

• Add support for arrays on request body top level.

2.3.0 (2016-12-15)

Enhancements

• Add support for validation with specific JSON Content-Types (i.e application/merge-patch+json).
• Add X-Content-Type-Options: nosniff headers to responses (fixes #102)
• Add a request.current_service attribute (fixes #105)

Bug fixes

• Fix cornice.cors.get_cors_preflight_view to make it parse Access-Control-Request-Headers header correctly event if its value contains zero number of white spaces between commas (#422)

Internal changes

• Clean-up an inconsistency in cornice.service.decorate_view() function where acl and factory were expected as view arguments (whereas deprecated since 1.0)

2.2.0 (2016-11-25)

Enhancements

• Add support of custom predicates in resources (#344, thanks @VDigitall!)

Internal changes

• Assert proper behaviour of UTF-8 content JSON body (#366, thanks @thruflo!)

2.1.0 (2016-10-28)

Enhancements

• Cornice.validators.colander_validator and cornice.validators.colander_body_validator now accept colander schema node instances. Previously only schema classes were accepted. For some discussion see #412.

Deprecations

• Passing schema classes to Cornice.validators.colander_validator and cornice.validators.colander_body_validator is now deprecated. (See above.)

Bug fixes

• To maintain consistency with cornice 1.2 as to the semantics of location='path', change cornice.validators.extract_cstruct so that it places request.matchdict (rather than request.path) into cstruct['path']. (#411)
• Fix cornice.validators.colander_validator so that it does nothing if schema is unset (or set to None.) Previously (contrary to its docstring) it was raising a TypeError.

Internal changes

• Raised test coverage to 100% (#417)

Huge thanks to @dairiki for his help on this release!

2.0.2 (2016-10-25)

Bug fixes

• Exclude tests from install (#407, thanks @doctaweeks!)

Internal changes

• Deprecate cornice.util.extract_json_data() and cornice.util.extract_form_urlencoded_data() in favor of cornice.validators.extract_cstruct() (#409)

2.0.1 (2016-10-24)

Bug fixes

• Fix Colander imports to make sure it remains optional (#400)
• Fix truncated JSON validation error message when request body does not contain valid JSON (#401)
• Fix docs about upgrading deserializers (#402)

2.0.0 (2016-10-20)

Breaking changes

Please refer to upgrading docs for detailed migration instructions.

• Dropped Python 2.6 support (#368)
• Got rid of Buildout files (#369)
• Got rid of Spore extension (#379)
• Moved Sphinx extension to dedicated repo (#379)
• Moved project scaffold to dedicated repo (#238, #390)
• Completely rework the schema validation features (#376, #386)
• Moved examples to dedicated repo (#392)
• Custom error_handler now receives the request instead of errors (#381)
• Errors list request.errors has no request anymore (#372, #378)
• request.errors.add() now only accepts one of header, body, url, path, querystring, cookies or method as first argument (#374)
• Remove deprecated features (#382)

Internal changes

• Take __version__ from setup.py (#358)
• Remove duplicated list of test deps in tox file (#371)

1.2.1 (2016-03-15)

Bug fixes

• Properly handle content_type callables returning a single internet media type as scalar. Thanks @amotl (#343)
• Do not raise a 415 error when no content-type and no body (#354)

Documentation

• Improve documentation regarding content type negotiation and media type validation. Thanks @amotl (#91, #343, #350)
• Fix typo in testing docs. Thanks peletiah (#348)
• Clarify docs for deferred colander validator. Thanks @antoineleclair (#352)

1.2.0 (2016-01-18)

• Adding the ability to define services imperatively. (#335)
• Clean cornice/statics/ files. (#345)

Bug fixes

• Convert None to colander.null before calling colander’s deserialize function. (#342)
• Allow i18n of colander error messages (#206)

1.1.0 (2015-09-29)

• Warn if resource collection and record paths are not distinct. Thanks @circlingthesun (#292)

Bug fixes

• Fix duplicated CORS exposed headers (#301)
• Fix setup.py in template. Thanks @areski (#296)
• Make resource test less dependent on Pyramid version (#312)
• Fix reload in sphinx extension for Python 3. Thanks @JohnBrodie (#295)
• Fix usage of Colander schema_type() and schema.typ. Thanks @tisdall (#309)
• Fix check for CORS Allow Credentials. Thanks @treerao (#320)
• Fix Access-Control-Max-Age value if undefined on service (#338)

Documentation

• Fix typos in documentation. Thanks @robvdl, @tisdall (#306, #313)
• Rewrite quickstart documentation (#305)
• Huge set of documentation improvements. Thanks @areski (#297)

1.0.0 (2015-04-15)

Breaking changes:

• ACLs are now handled per route and not per view. Thanks @circlingthesun (#287)

Other changes:

• Display default values in the sphinx documentation extension, Thanks @MikaYuoadas (#284)
• Add an option to disable Colander schema request binding. (#288)

0.20.0 (2015-03-17)

• Service.cors_supported_headers are now filtered by method and CORS options are now handled in a more consistent way (#281).

0.19.0 (2015-03-02)

• Keep fields when colander schema set “unknown=preserve”

0.18.1 (2015-02-26)

• Fix CORS protocol that was sometimes returning Access-Control-Expose-Headers on preflight request.

0.18 - 2015-02-24

• Fix CORS OPTIONS permission when using default_permission (#273)
• Ensure Colander schemas are a Mapping (#271)
• Use the tox matrix with Travis. (#272)
• Improve Sphinx documentation for schema attributes (#270)
• Set CORS headers when an exception is raised (#261)
• Remove Cornice warning when returning string or array instead of JSON (#256)
• Fix add_view decorator (#215)
• Handle per view permissions (#248)
• Handle CORS credentials origin (#263)
• Let the user choose the default content_type (#262)
• Fix spore documentation (#255)
• Handle default values in colander schemas (#253)

0.17 - 2014-08-28

• Use a string for the version number (cornice.__version__);
• Fix handling of invalid JSON input;
• Fix pyramid configurator route_prefix;
• Fix CORS behavior when using “*”;
• Support strict validation of querystring and body;
• Add support for unflatted in querystring;
• If colander defines a default value, put it in request.validated;
• Do not require a permission for the fallback view.

0.16.1 - 2013-11-12

• Added the license in the distribution tarball
• Updated the license headers of the files (to MPL v2.0)

0.16 - 2013-11-12

• Added venusion depth support to cornice.resource #187
• Add support for validation of input content other than JSON against Colander schemas: built-in support of form-urlencoded and configuration hooks for other content types #192
• Add support for pyramid traversal. #196
• bugfix: schema was only being bound to the first request #197
• bugfix: can now pass the decorator add_view parameter to the Service class #198

0.15 - 2013-10-09

• Add support for dynamic validation schemas for resources.
• Add support for context factory.
• Manually commit configuration changes.
• Add support for Colander’s drop object
• Update sphinxext to not display HEAD.
• Allow for explicitely named services created for resources.
• Raise exceptions as-is if they are not subclasses of HTTPException.
• Add a way to opt-out of the exception handling.

0.14 - 2013-06-06

• Add validation of the Content-Type header sent in requests against a list of allowed ingress content types
• Handle HTTPNotFound and HTTPForbidden in Cornice. Fix some wrong behaviour with CORS support.
• implement “415 Unsupported Media Type”
• Allow Colander schemas with sequence fields in querystring
• Remove PasteScript from the Cornice template.
• Support imperative colander schemas
• Update JSON CSRF warning filter with a better regex

0.13 - 2013-02-12

• Added Cross-Origin Resource Sharing (CORS) support.

0.12 - 2012-11-21

• Fix auto-define of HEAD views from GET views.
• Support for Colander inheritance (introduced in new versions of Colander)
• Check for errors in the body of the view and in validators (was only checking in validators previously)
• Add a __version__ utility in cornice/__init__.py

0.11 - 2012-10-22

• the sphinx extension is now provided by the cornice.ext.sphinxext module [not backward-compatible]
• Add support for SPORE
• add an optional ‘error_handler’ to view declarations.
• Services.default_{validators, filters} is now used. (Fix #75)

0.10 - 2012-08-29

• use pcreate rather than paster create.
• make it possible to add custom values to errors.

0.9 - 2012-07-26

• default schema values are assumed to be in the body
• refactored the internal APIs so we are not using decorators anymore. The service definition is now separated from the service registration in the routing mechanism.
• added class-level validators and filters
• added documentation about cornice internals
• deprecated the service.schema attribute. Use service.definitions instead.

0.8 - 2012-04-06

• added support for the ‘OPTIONS’ HTTP Verb
• allow multiple accept definitions for a service.
• get validator’s docstring for the automatic doc generation
• fixed non-ascii documentation problems
• add a way to ignore some modules when scanning with venusian.scan.

0.7 - 2012-03-12

• update license to MPL 2.0.
• renamed cornice.schemas to cornice.errors
• Added get_view_wrapper method to Service class to support subclasses wrapping the view callables w/ decorators
• added buildout support
• added class-based views and the resource decorator
• make sure we use Pyramid’s exceptions. Not Webob’s.
• added filters support
• added schema support
• added json xsrf support
• now errors status can be different from 400.

0.6 - 2011-12-21

• various fixes in MANIFEST

0.5 - 2011-12-21

• added a tutorial
• stacked @api decorator are now allowed
• added a Paster template for a quick start

0.4 - 2011-12-07

• Added a way to plug validators easily.
• Fixed documentation
• Added a way to automatically document Cornice web services
• Fixed license
• Added a way to specify the accepted Content-Type values. A 406 is raised if needed

0.3 - 2011-11-23

• remove singleton “_defined” state from Service class; this allows service definitions to be loaded into more than one Configurator.

0.2 - 2011-11-05

• Fixed the MANIFEST

0.1 - 2011-11-03

• Initial release