David Douard <david.douard@logilab.fr> [Tue, 27 Nov 2012 12:24:56 +0100] rev 8602
[web] add a Forbidden exception
This is similar to the Unauthorized exception, but generates a 403 error
instead of a 401 (Unauthorized)
Katia Saurfelt <katia.saurfelt@logilab.fr> [Tue, 27 Nov 2012 11:38:03 +0100] rev 8601
[web] add a ``anonymize-jsonp-queries`` option in file configuration (closes #2465388)
This option controls connection anonymizing before executing any query
for CSRF / safety reason.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Tue, 27 Nov 2012 11:27:49 +0100] rev 8600
[downloadable] fix filename in HTTP header (closes #2522325, #2522324)
Before this changeset we use the `filename` header with utf8 encoded filename
all the time.
However RFC6266 says:
The parameters "filename" and "filename*" differ only in that "filename*"
uses the encoding defined in [RFC5987], allowing the use of characters not
present in the ISO-8859-1 character set ([ISO-8859-1]).
Therefore, we alter the code to:
1. Use `filename` and `ascii` encoding whenever possible,
2. use `filename*` with `utf8` encoding otherwise (with a filename fallback for
old browser)
We also switch the `content-disposition` value to attachement if filename is
specified, this will result as a mandatory download according to RFC6266. This
mandatory download is the expected behavior.
We changes the filename encoding to RFC5987 which is simpler, supported by all
and modern browser (including IE from version 6) and does not suffer from the
continuation issue. (see ticket #2522324 for details)
Sylvain Thénault <sylvain.thenault@logilab.fr> [Tue, 27 Nov 2012 11:18:42 +0100] rev 8599
docstring typo
Sylvain Thénault <sylvain.thenault@logilab.fr> [Thu, 22 Nov 2012 16:13:43 +0100] rev 8598
[facet] make BitFieldFacet allow special 0 value. Closes #2522697
Nicolas Chauvat <nicolas.chauvat@logilab.fr> [Fri, 16 Nov 2012 12:28:30 +0100] rev 8597
[doc] ubuntu LTS is now Precise Pangolin
Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 16 Nov 2012 11:53:17 +0100] rev 8596
backport stable
Arthur Lutz <arthur.lutz@logilab.fr> [Fri, 16 Nov 2012 11:52:06 +0100] rev 8595
[server] implement base_url with secure=True (closes #2508638)
Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 16 Nov 2012 11:41:38 +0100] rev 8594
[validation api] properly use yams 0.36 validation error api and update message catalog. Follows bbe0d6985e59
the creation of the `translate` method in the 23a10f049447 yams commit.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Fri, 09 Nov 2012 15:27:40 +0100] rev 8593
[wsgi] saner use of `self.config` instead of `config`