| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Bug fixes
The tornado.auth module has been updated for compatibility with a change to Facebookās access_token endpoint.
|
|
Add missing DEPENDS
Upstream changelog is too long, please visit:
http://www.tornadoweb.org/en/stable/releases/v4.3.0.html
|
|
Problems found locating distfiles:
Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
What's new in Tornado 4.2.1
===========================
Jul 17, 2015
------------
Security fix
~~~~~~~~~~~~
* This release fixes a path traversal vulnerability in `.StaticFileHandler`,
in which files whose names *started with* the ``static_path`` directory
but were not actually *in* that directory could be accessed.
|
|
What's new in Tornado 4.2
=========================
May 26, 2015
------------
Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``SSLIOStream.connect`` and `.IOStream.start_tls` now validate certificates
by default.
* Certificate validation will now use the system CA root certificates instead
of ``certifi`` when possible (i.e. Python 2.7.9+ or 3.4+). This includes
`.IOStream` and ``simple_httpclient``, but not ``curl_httpclient``.
* The default SSL configuration has become stricter, using
`ssl.create_default_context` where available on the client side.
(On the server side, applications are encouraged to migrate from the
``ssl_options`` dict-based API to pass an `ssl.SSLContext` instead).
* The deprecated classes in the `tornado.auth` module, ``GoogleMixin``,
``FacebookMixin``, and ``FriendFeedMixin`` have been removed.
New modules: `tornado.locks` and `tornado.queues`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
These modules provide classes for coordinating coroutines, merged from
`Toro <http://toro.readthedocs.org>`_.
To port your code from Toro's queues to Tornado 4.2, import `.Queue`,
`.PriorityQueue`, or `.LifoQueue` from `tornado.queues` instead of from
``toro``.
Use `.Queue` instead of Toro's ``JoinableQueue``. In Tornado the methods
`~.Queue.join` and `~.Queue.task_done` are available on all queues, not on a
special ``JoinableQueue``.
Tornado queues raise exceptions specific to Tornado instead of reusing
exceptions from the Python standard library.
Therefore instead of catching the standard `queue.Empty` exception from
`.Queue.get_nowait`, catch the special `tornado.queues.QueueEmpty` exception,
and instead of catching the standard `queue.Full` from `.Queue.get_nowait`,
catch `tornado.queues.QueueFull`.
To port from Toro's locks to Tornado 4.2, import `.Condition`, `.Event`,
`.Semaphore`, `.BoundedSemaphore`, or `.Lock` from `tornado.locks`
instead of from ``toro``.
Toro's ``Semaphore.wait`` allowed a coroutine to wait for the semaphore to
be unlocked *without* acquiring it. This encouraged unorthodox patterns; in
Tornado, just use `~.Semaphore.acquire`.
Toro's ``Event.wait`` raised a ``Timeout`` exception after a timeout. In
Tornado, `.Event.wait` raises `tornado.gen.TimeoutError`.
Toro's ``Condition.wait`` also raised ``Timeout``, but in Tornado, the `.Future`
returned by `.Condition.wait` resolves to False after a timeout::
@gen.coroutine
def await_notification():
if not (yield condition.wait(timeout=timedelta(seconds=1))):
print('timed out')
else:
print('condition is true')
In lock and queue methods, wherever Toro accepted ``deadline`` as a keyword
argument, Tornado names the argument ``timeout`` instead.
Toro's ``AsyncResult`` is not merged into Tornado, nor its exceptions
``NotReady`` and ``AlreadySet``. Use a `.Future` instead. If you wrote code like
this::
from tornado import gen
import toro
result = toro.AsyncResult()
@gen.coroutine
def setter():
result.set(1)
@gen.coroutine
def getter():
value = yield result.get()
print(value) # Prints "1".
Then the Tornado equivalent is::
from tornado import gen
from tornado.concurrent import Future
result = Future()
@gen.coroutine
def setter():
result.set_result(1)
@gen.coroutine
def getter():
value = yield result
print(value) # Prints "1".
`tornado.autoreload`
~~~~~~~~~~~~~~~~~~~~
* Improved compatibility with Windows.
* Fixed a bug in Python 3 if a module was imported during a reload check.
`tornado.concurrent`
~~~~~~~~~~~~~~~~~~~~
* `.run_on_executor` now accepts arguments to control which attributes
it uses to find the `.IOLoop` and executor.
`tornado.curl_httpclient`
~~~~~~~~~~~~~~~~~~~~~~~~~
* Fixed a bug that would cause the client to stop processing requests
if an exception occurred in certain places while there is a queue.
`tornado.escape`
~~~~~~~~~~~~~~~~
* `.xhtml_escape` now supports numeric character references in hex
format (`` ``)
`tornado.gen`
~~~~~~~~~~~~~
* `.WaitIterator` no longer uses weak references, which fixes several
garbage-collection-related bugs.
* `tornado.gen.Multi` and `tornado.gen.multi_future` (which are used when
yielding a list or dict in a coroutine) now log any exceptions after the
first if more than one `.Future` fails (previously they would be logged
when the `.Future` was garbage-collected, but this is more reliable).
Both have a new keyword argument ``quiet_exceptions`` to suppress
logging of certain exception types; to use this argument you must
call ``Multi`` or ``multi_future`` directly instead of simply yielding
a list.
* `.multi_future` now works when given multiple copies of the same `.Future`.
* On Python 3, catching an exception in a coroutine no longer leads to
leaks via ``Exception.__context__``.
`tornado.httpclient`
~~~~~~~~~~~~~~~~~~~~
* The ``raise_error`` argument now works correctly with the synchronous
`.HTTPClient`.
* The synchronous `.HTTPClient` no longer interferes with `.IOLoop.current()`.
`tornado.httpserver`
~~~~~~~~~~~~~~~~~~~~
* `.HTTPServer` is now a subclass of `tornado.util.Configurable`.
`tornado.httputil`
~~~~~~~~~~~~~~~~~~
* `.HTTPHeaders` can now be copied with `copy.copy` and `copy.deepcopy`.
`tornado.ioloop`
~~~~~~~~~~~~~~~~
* The `.IOLoop` constructor now has a ``make_current`` keyword argument
to control whether the new `.IOLoop` becomes `.IOLoop.current()`.
* Third-party implementations of `.IOLoop` should accept ``**kwargs``
in their `~.IOLoop.initialize` methods and pass them to the superclass
implementation.
* `.PeriodicCallback` is now more efficient when the clock jumps forward
by a large amount.
`tornado.iostream`
~~~~~~~~~~~~~~~~~~
* ``SSLIOStream.connect`` and `.IOStream.start_tls` now validate certificates
by default.
* New method `.SSLIOStream.wait_for_handshake` allows server-side applications
to wait for the handshake to complete in order to verify client certificates
or use NPN/ALPN.
* The `.Future` returned by ``SSLIOStream.connect`` now resolves after the
handshake is complete instead of as soon as the TCP connection is
established.
* Reduced logging of SSL errors.
* `.BaseIOStream.read_until_close` now works correctly when a
``streaming_callback`` is given but ``callback`` is None (i.e. when
it returns a `.Future`)
`tornado.locale`
~~~~~~~~~~~~~~~~
* New method `.GettextLocale.pgettext` allows additional context to be
supplied for gettext translations.
`tornado.log`
~~~~~~~~~~~~~
* `.define_logging_options` now works correctly when given a non-default
``options`` object.
`tornado.process`
~~~~~~~~~~~~~~~~~
* New method `.Subprocess.wait_for_exit` is a coroutine-friendly
version of `.Subprocess.set_exit_callback`.
`tornado.simple_httpclient`
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Improved performance on Python 3 by reusing a single `ssl.SSLContext`.
* New constructor argument ``max_body_size`` controls the maximum response
size the client is willing to accept. It may be bigger than
``max_buffer_size`` if ``streaming_callback`` is used.
`tornado.tcpserver`
~~~~~~~~~~~~~~~~~~~
* `.TCPServer.handle_stream` may be a coroutine (so that any exceptions
it raises will be logged).
`tornado.util`
~~~~~~~~~~~~~~
* `.import_object` now supports unicode strings on Python 2.
* `.Configurable.initialize` now supports positional arguments.
`tornado.web`
~~~~~~~~~~~~~
* Key versioning support for cookie signing. ``cookie_secret`` application
setting can now contain a dict of valid keys with version as key. The
current signing key then must be specified via ``key_version`` setting.
* Parsing of the ``If-None-Match`` header now follows the RFC and supports
weak validators.
* Passing ``secure=False`` or ``httponly=False`` to
`.RequestHandler.set_cookie` now works as expected (previously only the
presence of the argument was considered and its value was ignored).
* `.RequestHandler.get_arguments` now requires that its ``strip`` argument
be of type bool. This helps prevent errors caused by the slightly dissimilar
interfaces between the singular and plural methods.
* Errors raised in ``_handle_request_exception`` are now logged more reliably.
* `.RequestHandler.redirect` now works correctly when called from a handler
whose path begins with two slashes.
* Passing messages containing ``%`` characters to `tornado.web.HTTPError`
no longer causes broken error messages.
`tornado.websocket`
~~~~~~~~~~~~~~~~~~~
* The ``on_close`` method will no longer be called more than once.
* When the other side closes a connection, we now echo the received close
code back instead of sending an empty close frame.
|
|
Highlights
If a Future contains an exception but that exception is never
examined or re-raised (e.g. by yielding the Future), a stack
trace will be logged when the Future is garbage-collected.
New class tornado.gen.WaitIterator provides a way to iterate
over Futures in the order they resolve.
The tornado.websocket module now supports compression via the
āpermessage-deflateā extension. Override
WebSocketHandler.get_compression_options to enable on the server
side, and use the compression_options keyword argument to
websocket_connect on the client side.
When the appropriate packages are installed, it is possible to
yield asyncio.Future or Twisted Defered objects in Tornado
coroutines.
Backwards-compatibility notes
HTTPServer now calls start_request with the correct arguments.
This change is backwards-incompatible, afffecting any application
which implemented HTTPServerConnectionDelegate by following
the example of Application instead of the documented method
signatures.
tornado.concurrent
If a Future contains an exception but that exception is never
examined or re-raised (e.g. by yielding the Future), a stack
trace will be logged when the Future is garbage-collected.
Future now catches and logs exceptions in its callbacks.
tornado.curl_httpclient
tornado.curl_httpclient now supports request bodies for PATCH
and custom methods.
tornado.curl_httpclient now supports resubmitting bodies after
following redirects for methods other than POST.
curl_httpclient now runs the streaming and header callbacks on
the IOLoop.
tornado.curl_httpclient now uses its own logger for debug output
so it can be filtered more easily.
tornado.gen
New class tornado.gen.WaitIterator provides a way to iterate
over Futures in the order they resolve.
When the singledispatch library is available (standard on Python
3.4, available via pip install singledispatch on older versions),
the convert_yielded function can be used to make other kinds
of objects yieldable in coroutines.
New function tornado.gen.sleep is a coroutine-friendly analogue
to time.sleep.
gen.engine now correctly captures the stack context for its
callbacks.
tornado.httpclient
tornado.httpclient.HTTPRequest accepts a new argument
raise_error=False to suppress the default behavior of raising
an error for non-200 response codes.
tornado.httpserver
HTTPServer now calls start_request with the correct arguments.
This change is backwards-incompatible, afffecting any application
which implemented HTTPServerConnectionDelegate by following
the example of Application instead of the documented method
signatures.
HTTPServer now tolerates extra newlines which are sometimes
inserted between requests on keep-alive connections.
HTTPServer can now use keep-alive connections after a request
with a chunked body.
HTTPServer now always reports HTTP/1.1 instead of echoing the
request version.
tornado.httputil
New function tornado.httputil.split_host_and_port for parsing
the netloc portion of URLs.
The context argument to HTTPServerRequest is now optional, and
if a context is supplied the remote_ip attribute is also
optional.
HTTPServerRequest.body is now always a byte string (previously
the default empty body would be a unicode string on python 3).
Header parsing now works correctly when newline-like unicode
characters are present.
Header parsing again supports both CRLF and bare LF line
separators.
Malformed multipart/form-data bodies will always be logged
quietly instead of raising an unhandled exception; previously
the behavior was inconsistent depending on the exact error.
tornado.ioloop
The kqueue and select IOLoop implementations now report
writeability correctly, fixing flow control in IOStream.
When a new IOLoop is created, it automatically becomes ācurrentā
for the thread if there is not already a current instance.
New method PeriodicCallback.is_running can be used to see
whether the PeriodicCallback has been started.
tornado.iostream
IOStream.start_tls now uses the server_hostname parameter for
certificate validation.
SSLIOStream will no longer consume 100% CPU after certain error
conditions.
SSLIOStream no longer logs EBADF errors during the handshake
as they can result from nmap scans in certain modes.
tornado.options
parse_config_file now always decodes the config file as utf8
on Python 3.
tornado.options.define more accurately finds the module defining
the option.
tornado.platform.asyncio
It is now possible to yield asyncio.Future objects in coroutines
when the singledispatch library is available and
tornado.platform.asyncio has been imported.
New methods tornado.platform.asyncio.to_tornado_future and
to_asyncio_future convert between the two librariesā Future
classes.
tornado.platform.twisted
It is now possible to yield Deferred objects in coroutines when
the singledispatch library is available and tornado.platform.twisted
has been imported.
tornado.tcpclient
TCPClient will no longer raise an exception due to an ill-timed
timeout.
tornado.tcpserver
TCPServer no longer ignores its read_chunk_size argument.
tornado.testing
AsyncTestCase has better support for multiple exceptions.
Previously it would silently swallow all but the last; now it
raises the first and logs all the rest.
AsyncTestCase now cleans up Subprocess state on tearDown when
necessary.
tornado.web
The asynchronous decorator now understands concurrent.futures.Future
in addition to tornado.concurrent.Future.
StaticFileHandler no longer logs a stack trace if the connection
is closed while sending the file.
RequestHandler.send_error now supports a reason keyword argument,
similar to tornado.web.HTTPError.
RequestHandler.locale now has a property setter.
Application.add_handlers hostname matching now works correctly
with IPv6 literals.
Redirects for the Application default_host setting now match
the request protocol instead of redirecting HTTPS to HTTP.
Malformed _xsrf cookies are now ignored instead of causing
uncaught exceptions.
Application.start_request now has the same signature as
HTTPServerConnectionDelegate.start_request.
tornado.websocket
The tornado.websocket module now supports compression via the
āpermessage-deflateā extension. Override
WebSocketHandler.get_compression_options to enable on the server
side, and use the compression_options keyword argument to
websocket_connect on the client side.
WebSocketHandler no longer logs stack traces when the connection
is closed.
WebSocketHandler.open now accepts *args, **kw for consistency
with RequestHandler.get and related methods.
The Sec-WebSocket-Version header now includes all supported
versions.
websocket_connect now has a on_message_callback keyword argument
for callback-style use without read_message().
|
|
Bug fixes
~~~~~~~~~
* Fixed a bug that could sometimes cause a timeout to fire after being
cancelled.
* `.AsyncTestCase` once again passes along arguments to test methods,
making it compatible with extensions such as Nose's test generators.
* `.StaticFileHandler` can again compress its responses when gzip is enabled.
* ``simple_httpclient`` passes its ``max_buffer_size`` argument to the
underlying stream.
* Fixed a reference cycle that can lead to increased memory consumption.
* `.add_accept_handler` will now limit the number of times it will call
`~socket.socket.accept` per `.IOLoop` iteration, addressing a potential
starvation issue.
* Improved error handling in `.IOStream.connect` (primarily for FreeBSD
systems)
|
|
The build will now fall back to pure-python mode if the C
extension fails to build for any reason (previously it would
fall back for some errors but not others).
IOLoop.call_at and IOLoop.call_later now always return a timeout
handle for use with IOLoop.remove_timeout.
If any callback of a PeriodicCallback or IOStream returns a
Future, any error raised in that future will now be logged
(similar to the behavior of IOLoop.add_callback).
Fixed an exception in client-side websocket connections when
the connection is closed.
simple_httpclient once again correctly handles 204 status codes with no content-length header.
Fixed a regression in simple_httpclient that would result in
timeouts for certain kinds of errors.
|
|
Highlights
The tornado.web.stream_request_body decorator allows large
files to be uploaded with limited memory usage.
Coroutines are now faster and are used extensively throughout
Tornado itself. More methods now return Futures, including most
IOStream methods and RequestHandler.flush.
Many user-overridden methods are now allowed to return a Future
for flow control.
HTTP-related code is now shared between the tornado.httpserver,
tornado.simple_httpclient and tornado.wsgi modules, making
support for features such as chunked and gzip encoding more
consistent. HTTPServer now uses new delegate interfaces defined
in tornado.httputil in addition to its old single-callback
interface.
New module tornado.tcpclient creates TCP connections with
non-blocking DNS, SSL handshaking, and support for IPv6.
Backwards-compatibility notes
tornado.concurrent.Future is no longer thread-safe; use
concurrent.futures.Future when thread-safety is needed.
Tornado now depends on the certifi package instead of bundling
its own copy of the Mozilla CA list. This will be installed
automatically when using pip or easy_install.
This version includes the changes to the secure cookie format
first introduced in version 3.2.1, and the xsrf token change
in version 3.2.2. If you are upgrading from an earlier version,
see those versions' release notes.
WebSocket connections from other origin sites are now rejected
by default. To accept cross-origin websocket connections,
override the new method WebSocketHandler.check_origin.
WebSocketHandler no longer supports the old draft 76 protocol
(this mainly affects Safari 5.x browsers). Applications should
use non-websocket workarounds for these browsers.
Authors of alternative IOLoop implementations should see the
changes to IOLoop.add_handler in this release.
The RequestHandler.async_callback and WebSocketHandler.async_callback
wrapper functions have been removed; they have been obsolete
for a long time due to stack contexts (and more recently
coroutines).
curl_httpclient now requires a minimum of libcurl version 7.21.1
and pycurl 7.18.2.
Support for RequestHandler.get_error_html has been removed;
override RequestHandler.write_error instead.
|
|
Security fixes
~~~~~~~~~~~~~~
* The XSRF token is now encoded with a random mask on each request.
This makes it safe to include in compressed pages without being
vulnerable to the `BREACH attack <http://breachattack.com>`_.
This applies to most applications that use both the ``xsrf_cookies``
and ``gzip`` options (or have gzip applied by a proxy).
Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* If Tornado 3.2.2 is run at the same time as older versions on the same
domain, there is some potential for issues with the differing cookie
versions. The `.Application` setting ``xsrf_cookie_version=1`` can
be used for a transitional period to generate the older cookie format
on newer servers.
Other changes
~~~~~~~~~~~~~
* ``tornado.platform.asyncio`` is now compatible with ``trollius`` version 0.3.
|
|
Security fixes
The signed-value format used by RequestHandler.set_secure_cookie and
RequestHandler.get_secure_cookie has changed to be more secure. This is a
disruptive change. The secure_cookie functions take new version parameters
to support transitions between cookie formats.
The new cookie format fixes a vulnerability that may be present in
applications that use multiple cookies where the name of one cookie is a
prefix of the name of another.
To minimize disruption, cookies in the older format will be accepted by
default until they expire. Applications that may be vulnerable can reject
all cookies in the older format by passing min_version=2 to
RequestHandler.get_secure_cookie.
Thanks to Joost Pol of Certified Secure for reporting this issue.
Backwards-compatibility notes
Signed cookies issued by RequestHandler.set_secure_cookie in Tornado 3.2.1
cannot be read by older releases. If you need to run 3.2.1 in parallel with
older releases, you can pass version=1 to RequestHandler.set_secure_cookie
to issue cookies that are backwards-compatible (but have a known weakness,
so this option should only be used for a transitional period).
Other changes
The C extension used to speed up the websocket module now compiles
correctly on Windows with MSVC and 64-bit mode. The fallback to the
pure-Python alternative now works correctly on Mac OS X machines with no C
compiler installed.
|
|
What's new in Tornado 3.2
=========================
Jan 14, 2014
------------
Installation
~~~~~~~~~~
* Tornado now depends on the `backports.ssl_match_hostname
<https://pypi.python.org/pypi/backports.ssl_match_hostname>`_ when
running on Python 2. This will be installed automatically when using ``pip``
or ``easy_install``
* Tornado now includes an optional C extension module, which greatly improves
performance of websockets. This extension will be built automatically
if a C compiler is found at install time.
New modules
~~~~~~~~~
* The `tornado.platform.asyncio` module provides integration with the
``asyncio`` module introduced in Python 3.4 (also available for Python
3.3 with ``pip install asyncio``).
`tornado.auth`
~~~~~~~~~~~~
* Added `.GoogleOAuth2Mixin` support authentication to Google services
with OAuth 2 instead of OpenID and OAuth 1.
* `.FacebookGraphMixin` has been updated to use the current Facebook login
URL, which saves a redirect.
`tornado.concurrent`
~~~~~~~~~~~~~~~~~~
* `.TracebackFuture` now accepts a ``timeout`` keyword argument (although
it is still incorrect to use a non-zero timeout in non-blocking code).
``tornado.curl_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~
* ``tornado.curl_httpclient`` now works on Python 3 with the
soon-to-be-released pycurl 7.19.3, which will officially support
Python 3 for the first time. Note that there are some unofficial
Python 3 ports of pycurl (Ubuntu has included one for its past
several releases); these are not supported for use with Tornado.
`tornado.escape`
~~~~~~~~~~~~~~
* `.xhtml_escape` now escapes apostrophes as well.
* `tornado.escape.utf8`, `.to_unicode`, and `.native_str` now raise
`TypeError` instead of `AssertionError` when given an invalid value.
`tornado.gen`
~~~~~~~~~~~
* Coroutines may now yield dicts in addition to lists to wait for
multiple tasks in parallel.
* Improved performance of `tornado.gen` when yielding a `.Future` that is
already done.
`tornado.httpclient`
~~~~~~~~~~~~~~~~~~
* `tornado.httpclient.HTTPRequest` now uses property setters so that
setting attributes after construction applies the same conversions
as ``__init__`` (e.g. converting the body attribute to bytes).
`tornado.httpserver`
~~~~~~~~~~~~~~~~~~
* Malformed ``x-www-form-urlencoded`` request bodies will now log a warning
and continue instead of causing the request to fail (similar to the existing
handling of malformed ``multipart/form-data`` bodies. This is done mainly
because some libraries send this content type by default even when the data
is not form-encoded.
* Fix some error messages for unix sockets (and other non-IP sockets)
`tornado.ioloop`
~~~~~~~~~~~~~~
* `.IOLoop` now uses `~.IOLoop.handle_callback_exception` consistently for
error logging.
* `.IOLoop` now frees callback objects earlier, reducing memory usage
while idle.
* `.IOLoop` will no longer call `logging.basicConfig` if there is a handler
defined for the root logger or for the ``tornado`` or ``tornado.application``
loggers (previously it only looked at the root logger).
`tornado.iostream`
~~~~~~~~~~~~~~~~
* `.IOStream` now recognizes ``ECONNABORTED`` error codes in more places
(which was mainly an issue on Windows).
* `.IOStream` now frees memory earlier if a connection is closed while
there is data in the write buffer.
* `.PipeIOStream` now handles ``EAGAIN`` error codes correctly.
* `.SSLIOStream` now initiates the SSL handshake automatically without
waiting for the application to try and read or write to the connection.
* Swallow a spurious exception from ``set_nodelay`` when a connection
has been reset.
`tornado.locale`
~~~~~~~~~~~~~~
* `.Locale.format_date` no longer forces the use of absolute
dates in Russian.
`tornado.log`
~~~~~~~~~~~
* Fix an error from `tornado.log.enable_pretty_logging` when
`sys.stderr` does not have an ``isatty`` method.
* `tornado.log.LogFormatter` now accepts keyword arguments ``fmt``
and ``datefmt``.
`tornado.netutil`
~~~~~~~~~~~~~~~
* `.is_valid_ip` (and therefore ``HTTPRequest.remote_ip``) now rejects
empty strings.
* Synchronously using `.ThreadedResolver` at import time to resolve
a unicode hostname no longer deadlocks.
`tornado.platform.twisted`
~~~~~~~~~~~~~~~~~~~~~~~~
* `.TwistedResolver` now has better error handling.
`tornado.process`
~~~~~~~~~~~~~~~
* `.Subprocess` no longer leaks file descriptors if `subprocess.Popen` fails.
``tornado.simple_httpclient``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``simple_httpclient`` now applies the ``connect_timeout`` to requests
that are queued and have not yet started.
* On Python 2.6, ``simple_httpclient`` now uses TLSv1 instead of SSLv3.
* ``simple_httpclient`` now enforces the connect timeout during DNS resolution.
* The embedded ``ca-certificates.crt`` file has been updated with the current
Mozilla CA list.
`tornado.web`
~~~~~~~~~~~
* `.StaticFileHandler` no longer fails if the client requests a ``Range`` that
is larger than the entire file (Facebook has a crawler that does this).
* `.RequestHandler.on_connection_close` now works correctly on subsequent
requests of a keep-alive connection.
* New application setting ``default_handler_class`` can be used to easily
set up custom 404 pages.
* New application settings ``autoreload``, ``compiled_template_cache``,
``static_hash_cache``, and ``serve_traceback`` can be used to control
individual aspects of debug mode.
* New methods `.RequestHandler.get_query_argument` and
`.RequestHandler.get_body_argument` and new attributes
`.HTTPRequest.query_arguments` and `.HTTPRequest.body_arguments` allow access
to arguments without intermingling those from the query string with those
from the request body.
* `.RequestHandler.decode_argument` and related methods now raise
an ``HTTPError(400)`` instead of `UnicodeDecodeError` when the
argument could not be decoded.
* `.RequestHandler.clear_all_cookies` now accepts ``domain`` and ``path``
arguments, just like `~.RequestHandler.clear_cookie`.
* It is now possible to specify handlers by name when using the `.URLSpec`
class.
* `.Application` now accepts 4-tuples to specify the ``name`` parameter
(which previously required constructing a `.URLSpec` object instead of
a tuple).
* Fixed an incorrect error message when handler methods return a value
other than None or a Future.
* Exceptions will no longer be logged twice when using both ``@asynchronous``
and ``@gen.coroutine``
`tornado.websocket`
~~~~~~~~~~~~~~~~~
* `.WebSocketHandler.write_message` now raises `.WebSocketClosedError` instead
of `AttributeError` when the connection has been closed.
* `.websocket_connect` now accepts preconstructed ``HTTPRequest`` objects.
* Fix a bug with `.WebSocketHandler` when used with some proxies that
unconditionally modify the ``Connection`` header.
* `.websocket_connect` now returns an error immediately for refused connections
instead of waiting for the timeout.
* `.WebSocketClientConnection` now has a ``close`` method.
`tornado.wsgi`
~~~~~~~~~~~~
* `.WSGIContainer` now calls the iterable's ``close()`` method even if
an error is raised, in compliance with the spec.
|
|
Add test target
Upstream changes:
3.0.1
Apr 8, 2013
The interface of tornado.auth.FacebookGraphMixin is now consistent with its documentation and the rest of the module. The get_authenticated_user and facebook_request methods return a Future and the callback argument is optional.
The tornado.testing.gen_test decorator will no longer be recognized as a (broken) test by nose.
Work around a bug in Ubuntu 13.04 betas involving an incomplete backport of the ssl.match_hostname function.
tornado.websocket.websocket_connect now fails cleanly when it attempts to connect to a non-websocket url.
tornado.testing.LogTrapTestCase once again works with byte strings on Python 2.
The request attribute of tornado.httpclient.HTTPResponse is now always an ~tornado.httpclient.HTTPRequest, never a _RequestProxy.
Exceptions raised by the tornado.gen module now have better messages when tuples are used as callback keys.
3.0.0
Mar 29, 2013
Highlights
The callback argument to many asynchronous methods is now optional, and these methods return a .Future. The tornado.gen module now understands Futures, and these methods can be used directly without a .gen.Task wrapper.
New function .IOLoop.current returns the .IOLoop that is running on the current thread (as opposed to .IOLoop.instance, which returns a specific thread's (usually the main thread's) IOLoop.
New class tornado.netutil.Resolver provides an asynchronous interface to DNS resolution. The default implementation is still blocking, but non-blocking implementations are available using one of three optional dependencies: ~tornado.netutil.ThreadedResolver using the concurrent.futures thread pool, tornado.platform.caresresolver.CaresResolver using the pycares library, or tornado.platform.twisted.TwistedResolver using twisted
Tornado's logging is now less noisy, and it no longer goes directly to the root logger, allowing for finer-grained configuration.
New class tornado.process.Subprocess wraps subprocess.Popen with .PipeIOStream access to the child's file descriptors.
.IOLoop now has a static configure <.Configurable.configure> method like the one on .AsyncHTTPClient, which can be used to select an .IOLoop implementation other than the default.
.IOLoop can now optionally use a monotonic clock if available (see below for more details).
Backwards-incompatible changes
Python 2.5 is no longer supported. Python 3 is now supported in a single codebase instead of using 2to3
The tornado.database module has been removed. It is now available as a separate package, torndb
Functions that take an io_loop parameter now default to .IOLoop.current() instead of .IOLoop.instance().
Empty HTTP request arguments are no longer ignored. This applies to HTTPRequest.arguments and RequestHandler.get_argument[s] in WSGI and non-WSGI modes.
On Python 3, tornado.escape.json_encode no longer accepts byte strings.
On Python 3, the get_authenticated_user methods in tornado.auth now return character strings instead of byte strings.
tornado.netutil.TCPServer has moved to its own module, tornado.tcpserver.
The Tornado test suite now requires unittest2 when run on Python 2.6.
tornado.options.options is no longer a subclass of dict; attribute-style access is now required.
Detailed changes by module
Multiple modules
Tornado no longer logs to the root logger. Details on the new logging scheme can be found under the tornado.log module. Note that in some cases this will require that you add an explicit logging configuration in order to see any output (perhaps just calling logging.basicConfig()), although both .IOLoop.start() and tornado.options.parse_command_line will do this for you.
On python 3.2+, methods that take an ssl_options argument (on .SSLIOStream, .TCPServer, and .HTTPServer) now accept either a dictionary of options or an ssl.SSLContext object.
New optional dependency on concurrent.futures to provide better support for working with threads. concurrent.futures is in the standard library for Python 3.2+, and can be installed on older versions with pip install futures.
tornado.autoreload
tornado.autoreload is now more reliable when there are errors at import time.
Calling tornado.autoreload.start (or creating an .Application with debug=True) twice on the same .IOLoop now does nothing (instead of creating multiple periodic callbacks). Starting autoreload on more than one .IOLoop in the same process now logs a warning.
Scripts run by autoreload no longer inherit __future__ imports used by Tornado.
tornado.auth
On Python 3, the get_authenticated_user method family now returns character strings instead of byte strings.
Asynchronous methods defined in tornado.auth now return a .Future, and their callback argument is optional. The Future interface is preferred as it offers better error handling (the previous interface just logged a warning and returned None).
The tornado.auth mixin classes now define a method get_auth_http_client, which can be overridden to use a non-default .AsyncHTTPClient instance (e.g. to use a different .IOLoop)
Subclasses of .OAuthMixin are encouraged to override .OAuthMixin._oauth_get_user_future instead of _oauth_get_user, although both methods are still supported.
tornado.concurrent
New module tornado.concurrent contains code to support working with concurrent.futures, or to emulate future-based interface when that module is not available.
tornado.curl_httpclient
Preliminary support for tornado.curl_httpclient on Python 3. The latest official release of pycurl only supports Python 2, but Ubuntu has a port available in 12.10 (apt-get install python3-pycurl). This port currently has bugs that prevent it from handling arbitrary binary data but it should work for textual (utf8) resources.
Fix a crash with libcurl 7.29.0 if a curl object is created and closed without being used.
tornado.escape
On Python 3, ~tornado.escape.json_encode no longer accepts byte strings. This mirrors the behavior of the underlying json module. Python 2 behavior is unchanged but should be faster.
tornado.gen
New decorator @gen.coroutine is available as an alternative to @gen.engine. It automatically returns a .Future, and within the function instead of calling a callback you return a value with raise gen.Return(value) (or simply return value in Python 3.3).
Generators may now yield .Future objects.
Callbacks produced by .gen.Callback and .gen.Task are now automatically stack-context-wrapped, to minimize the risk of context leaks when used with asynchronous functions that don't do their own wrapping.
Fixed a memory leak involving generators, .RequestHandler.flush, and clients closing connections while output is being written.
Yielding a large list no longer has quadratic performance.
tornado.httpclient
.AsyncHTTPClient.fetch now returns a .Future and its callback argument is optional. When the future interface is used, any error will be raised automatically, as if .HTTPResponse.rethrow was called.
.AsyncHTTPClient.configure and all .AsyncHTTPClient constructors now take a defaults keyword argument. This argument should be a dictionary, and its values will be used in place of corresponding attributes of ~tornado.httpclient.HTTPRequest that are not set.
All unset attributes of tornado.httpclient.HTTPRequest are now None. The default values of some attributes (connect_timeout, request_timeout, follow_redirects, max_redirects, use_gzip, proxy_password, allow_nonstandard_methods, and validate_cert have been moved from ~tornado.httpclient.HTTPRequest to the client implementations.
The max_clients argument to .AsyncHTTPClient is now a keyword-only argument.
Keyword arguments to .AsyncHTTPClient.configure are no longer used when instantiating an implementation subclass directly.
Secondary .AsyncHTTPClient callbacks (streaming_callback, header_callback, and prepare_curl_callback) now respect .StackContext.
tornado.httpserver
.HTTPServer no longer logs an error when it is unable to read a second request from an HTTP 1.1 keep-alive connection.
.HTTPServer now takes a protocol keyword argument which can be set to https if the server is behind an SSL-decoding proxy that does not set any supported X-headers.
tornado.httpserver.HTTPConnection now has a set_close_callback method that should be used instead of reaching into its stream attribute.
Empty HTTP request arguments are no longer ignored. This applies to HTTPRequest.arguments and RequestHandler.get_argument[s] in WSGI and non-WSGI modes.
tornado.ioloop
New function .IOLoop.current returns the IOLoop that is running on the current thread (as opposed to .IOLoop.instance, which returns a specific thread's (usually the main thread's) IOLoop).
New method .IOLoop.add_future to run a callback on the IOLoop when an asynchronous .Future finishes.
.IOLoop now has a static configure <.Configurable.configure> method like the one on .AsyncHTTPClient, which can be used to select an .IOLoop implementation other than the default.
The .IOLoop poller implementations (select, epoll, kqueue) are now available as distinct subclasses of .IOLoop. Instantiating .IOLoop will continue to automatically choose the best available implementation.
The .IOLoop constructor has a new keyword argument time_func, which can be used to set the time function used when scheduling callbacks. This is most useful with the time.monotonic function, introduced in Python 3.3 and backported to older versions via the monotime module. Using a monotonic clock here avoids problems when the system clock is changed.
New function .IOLoop.time returns the current time according to the IOLoop. To use the new monotonic clock functionality, all calls to .IOLoop.add_timeout must be either pass a datetime.timedelta or a time relative to .IOLoop.time, not time.time. (time.time will continue to work only as long as the IOLoop's time_func argument is not used).
New convenience method .IOLoop.run_sync can be used to start an IOLoop just long enough to run a single coroutine.
New method .IOLoop.add_callback_from_signal is safe to use in a signal handler (the regular .add_callback method may deadlock).
.IOLoop now uses signal.set_wakeup_fd where available (Python 2.6+ on Unix) to avoid a race condition that could result in Python signal handlers being delayed.
Method IOLoop.running() has been removed.
.IOLoop has been refactored to better support subclassing.
.IOLoop.add_callback and .add_callback_from_signal now take *args, **kwargs to pass along to the callback.
tornado.iostream
.IOStream.connect now has an optional server_hostname argument which will be used for SSL certificate validation when applicable. Additionally, when supported (on Python 3.2+), this hostname will be sent via SNI (and this is supported by tornado.simple_httpclient)
Much of .IOStream has been refactored into a separate class .BaseIOStream.
New class tornado.iostream.PipeIOStream provides the IOStream interface on pipe file descriptors.
.IOStream now raises a new exception tornado.iostream.StreamClosedError when you attempt to read or write after the stream has been closed (by either side).
.IOStream now simply closes the connection when it gets an ECONNRESET error, rather than logging it as an error.
IOStream.error no longer picks up unrelated exceptions.
.BaseIOStream.close now has an exc_info argument (similar to the one used in the logging module) that can be used to set the stream's error attribute when closing it.
.BaseIOStream.read_until_close now works correctly when it is called while there is buffered data.
Fixed a major performance regression when run on PyPy (introduced in Tornado 2.3).
tornado.log
New module containing .enable_pretty_logging and .LogFormatter, moved from the options module.
.LogFormatter now handles non-ascii data in messages and tracebacks better.
tornado.netutil
New class tornado.netutil.Resolver provides an asynchronous interface to DNS resolution. The default implementation is still blocking, but non-blocking implementations are available using one of three optional dependencies: ~tornado.netutil.ThreadedResolver using the concurrent.futures thread pool, tornado.platform.caresresolver.CaresResolver using the pycares library, or tornado.platform.twisted.TwistedResolver using twisted
New function tornado.netutil.is_valid_ip returns true if a given string is a valid IP (v4 or v6) address.
tornado.netutil.bind_sockets has a new flags argument that can be used to pass additional flags to getaddrinfo.
tornado.netutil.bind_sockets no longer sets AI_ADDRCONFIG; this will cause it to bind to both ipv4 and ipv6 more often than before.
tornado.netutil.bind_sockets now works when Python was compiled with --disable-ipv6 but IPv6 DNS resolution is available on the system.
tornado.netutil.TCPServer has moved to its own module, tornado.tcpserver.
tornado.options
The class underlying the functions in tornado.options is now public (tornado.options.OptionParser). This can be used to create multiple independent option sets, such as for subcommands.
tornado.options.parse_config_file now configures logging automatically by default, in the same way that ~tornado.options.parse_command_line does.
New function tornado.options.add_parse_callback schedules a callback to be run after the command line or config file has been parsed. The keyword argument final=False can be used on either parsing function to supress these callbacks.
tornado.options.define now takes a callback argument. This callback will be run with the new value whenever the option is changed. This is especially useful for options that set other options, such as by reading from a config file.
tornado.options.parse_command_line --help output now goes to stderr rather than stdout.
tornado.options.options is no longer a subclass of dict; attribute-style access is now required.
tornado.options.options (and .OptionParser instances generally) now have a .mockable() method that returns a wrapper object compatible with mock.patch <unittest.mock.patch>.
Function tornado.options.enable_pretty_logging has been moved to the tornado.log module.
tornado.platform.caresresolver
New module containing an asynchronous implementation of the .Resolver interface, using the pycares library.
tornado.platform.twisted
New class tornado.platform.twisted.TwistedIOLoop allows Tornado code to be run on the Twisted reactor (as opposed to the existing .TornadoReactor, which bridges the gap in the other direction).
New class tornado.platform.twisted.TwistedResolver is an asynchronous implementation of the .Resolver interface.
tornado.process
New class tornado.process.Subprocess wraps subprocess.Popen with .PipeIOStream access to the child's file descriptors.
tornado.simple_httpclient
SimpleAsyncHTTPClient now takes a resolver keyword argument (which may be passed to either the constructor or configure <.Configurable.configure>), to allow it to use the new non-blocking tornado.netutil.Resolver.
When following redirects, SimpleAsyncHTTPClient now treats a 302 response code the same as a 303. This is contrary to the HTTP spec but consistent with all browsers and other major HTTP clients (including CurlAsyncHTTPClient).
The behavior of header_callback with SimpleAsyncHTTPClient has changed and is now the same as that of CurlAsyncHTTPClient. The header callback now receives the first line of the response (e.g. HTTP/1.0 200 OK) and the final empty line.
tornado.simple_httpclient now accepts responses with a 304 status code that include a Content-Length header.
Fixed a bug in which SimpleAsyncHTTPClient callbacks were being run in the client's stack_context.
tornado.stack_context
.stack_context.wrap now runs the wrapped callback in a more consistent environment by recreating contexts even if they already exist on the stack.
Fixed a bug in which stack contexts could leak from one callback chain to another.
Yield statements inside a with statement can cause stack contexts to become inconsistent; an exception will now be raised when this case is detected.
tornado.template
Errors while rendering templates no longer log the generated code, since the enhanced stack traces (from version 2.1) should make this unnecessary.
The {% apply %} directive now works properly with functions that return both unicode strings and byte strings (previously only byte strings were supported).
Code in templates is no longer affected by Tornado's __future__ imports (which previously included absolute_import and division).
tornado.testing
New function tornado.testing.bind_unused_port both chooses a port and binds a socket to it, so there is no risk of another process using the same port. get_unused_port is now deprecated.
New decorator tornado.testing.gen_test can be used to allow for yielding tornado.gen objects in tests, as an alternative to the stop and wait methods of .AsyncTestCase.
tornado.testing.AsyncTestCase and friends now extend unittest2.TestCase when it is available (and continue to use the standard unittest module when unittest2 is not available)
tornado.testing.ExpectLog can be used as a finer-grained alternative to tornado.testing.LogTrapTestCase
The command-line interface to tornado.testing.main now supports additional arguments from the underlying unittest module: verbose, quiet, failfast, catch, buffer.
The deprecated --autoreload option of tornado.testing.main has been removed. Use python -m tornado.autoreload as a prefix command instead.
The --httpclient option of tornado.testing.main has been moved to tornado.test.runtests so as not to pollute the application option namespace. The tornado.options module's new callback support now makes it easy to add options from a wrapper script instead of putting all possible options in tornado.testing.main.
.AsyncHTTPTestCase no longer calls .AsyncHTTPClient.close for tests that use the singleton .IOLoop.instance.
.LogTrapTestCase no longer fails when run in unknown logging configurations. This allows tests to be run under nose, which does its own log buffering (.LogTrapTestCase doesn't do anything useful in this case, but at least it doesn't break things any more).
tornado.util
tornado.util.b (which was only intended for internal use) is gone.
tornado.web
.RequestHandler.set_header now overwrites previous header values case-insensitively.
tornado.web.RequestHandler has new attributes path_args and path_kwargs, which contain the positional and keyword arguments that are passed to the get/post/etc method. These attributes are set before those methods are called, so they are available during prepare()
tornado.web.ErrorHandler no longer requires XSRF tokens on POST requests, so posts to an unknown url will always return 404 instead of complaining about XSRF tokens.
Several methods related to HTTP status codes now take a reason keyword argument to specify an alternate "reason" string (i.e. the "Not Found" in "HTTP/1.1 404 Not Found"). It is now possible to set status codes other than those defined in the spec, as long as a reason string is given.
The Date HTTP header is now set by default on all responses.
Etag/If-None-Match requests now work with .StaticFileHandler.
.StaticFileHandler no longer sets Cache-Control: public unnecessarily.
When gzip is enabled in a tornado.web.Application, appropriate Vary: Accept-Encoding headers are now sent.
It is no longer necessary to pass all handlers for a host in a single .Application.add_handlers call. Now the request will be matched against the handlers for any host_pattern that includes the request's Host header.
tornado.websocket
Client-side WebSocket support is now available: tornado.websocket.websocket_connect
.WebSocketHandler has new methods ~.WebSocketHandler.ping and ~.WebSocketHandler.on_pong to send pings to the browser (not supported on the draft76 protocol)
|
|
Collection.
Tornado is an open source version of the scalable, non-blocking web server and
tools that power FriendFeed. The FriendFeed application is written using a web
framework that looks a bit like web.py or Google's webapp, but with additional
tools and optimizations to take advantage of the underlying non-blocking
infrastructure.
The framework is distinct from most mainstream web server frameworks (and
certainly most Python frameworks) because it is non-blocking and reasonably
fast. Because it is non-blocking and uses epoll or kqueue, it can handle
thousands of simultaneous standing connections, which means it is ideal for
real-time web services. We built the web server specifically to handle
FriendFeed's real-time features -- every active user of FriendFeed maintains
an open connection to the FriendFeed servers.
|
