| What's new in Tornado 2.1 |
| ========================= |
| |
| Sep 20, 2011 |
| ------------ |
| |
| Backwards-incompatible changes |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| |
| * Support for secure cookies written by pre-1.0 releases of Tornado has |
| been removed. The `RequestHandler.get_secure_cookie` method no longer |
| takes an ``include_name`` parameter. |
| * The ``debug`` application setting now causes stack traces to be displayed |
| in the browser on uncaught exceptions. Since this may leak sensitive |
| information, debug mode is not recommended for public-facing servers. |
| |
| Security fixes |
| ~~~~~~~~~~~~~~ |
| |
| * Diginotar has been removed from the default CA certificates file used |
| by `SimpleAsyncHTTPClient`. |
| |
| New modules |
| ~~~~~~~~~~~ |
| |
| * `tornado.gen`: A generator-based interface to simplify writing |
| asynchronous functions. |
| * `tornado.netutil`: Parts of `tornado.httpserver` have been extracted into |
| a new module for use with non-HTTP protocols. |
| * `tornado.platform.twisted`: A bridge between the Tornado IOLoop and the |
| Twisted Reactor, allowing code written for Twisted to be run on Tornado. |
| * `tornado.process`: Multi-process mode has been improved, and can now restart |
| crashed child processes. A new entry point has been added at |
| `tornado.process.fork_processes`, although |
| `tornado.httpserver.HTTPServer.start` is still supported. |
| |
| ``tornado.web`` |
| ~~~~~~~~~~~~~~~ |
| |
| * `tornado.web.RequestHandler.write_error` replaces ``get_error_html`` as the |
| preferred way to generate custom error pages (``get_error_html`` is still |
| supported, but deprecated) |
| * In `tornado.web.Application`, handlers may be specified by |
| (fully-qualified) name instead of importing and passing the class object |
| itself. |
| * It is now possible to use a custom subclass of ``StaticFileHandler`` |
| with the ``static_handler_class`` application setting, and this subclass |
| can override the behavior of the ``static_url`` method. |
| * `~tornado.web.StaticFileHandler` subclasses can now override |
| ``get_cache_time`` to customize cache control behavior. |
| * `tornado.web.RequestHandler.get_secure_cookie` now has a ``max_age_days`` |
| parameter to allow applications to override the default one-month expiration. |
| * `~tornado.web.RequestHandler.set_cookie` now accepts a ``max_age`` keyword |
| argument to set the ``max-age`` cookie attribute (note underscore vs dash) |
| * `tornado.web.RequestHandler.set_default_headers` may be overridden to set |
| headers in a way that does not get reset during error handling. |
| * `RequestHandler.add_header` can now be used to set a header that can |
| appear multiple times in the response. |
| * `RequestHandler.flush` can now take a callback for flow control. |
| * The ``application/json`` content type can now be gzipped. |
| * The cookie-signing functions are now accessible as static functions |
| `tornado.web.create_signed_value` and `tornado.web.decode_signed_value`. |
| |
| ``tornado.httpserver`` |
| ~~~~~~~~~~~~~~~~~~~~~~ |
| |
| * To facilitate some advanced multi-process scenarios, ``HTTPServer`` |
| has a new method ``add_sockets``, and socket-opening code is |
| available separately as `tornado.netutil.bind_sockets`. |
| * The ``cookies`` property is now available on `tornado.httpserver.HTTPRequest` |
| (it is also available in its old location as a property of |
| `~tornado.web.RequestHandler`) |
| * `tornado.httpserver.HTTPServer.bind` now takes a backlog argument with the |
| same meaning as ``socket.listen``. |
| * `~tornado.httpserver.HTTPServer` can now be run on a unix socket as well |
| as TCP. |
| * Fixed exception at startup when ``socket.AI_ADDRCONFIG`` is not available, |
| as on Windows XP |
| |
| ``IOLoop`` and ``IOStream`` |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| |
| * `~tornado.iostream.IOStream` performance has been improved, especially for |
| small synchronous requests. |
| * New methods `tornado.iostream.IOStream.read_until_close` and |
| `tornado.iostream.IOStream.read_until_regex`. |
| * `IOStream.read_bytes` and `IOStream.read_until_close` now take a |
| ``streaming_callback`` argument to return data as it is received rather |
| than all at once. |
| * `IOLoop.add_timeout` now accepts `datetime.timedelta` objects in addition |
| to absolute timestamps. |
| * `~tornado.ioloop.PeriodicCallback` now sticks to the specified period |
| instead of creeping later due to accumulated errors. |
| * `tornado.ioloop.IOLoop` and `tornado.httpclient.HTTPClient` now have |
| ``close()`` methods that should be used in applications that create |
| and destroy many of these objects. |
| * `IOLoop.install` can now be used to use a custom subclass of IOLoop |
| as the singleton without monkey-patching. |
| * `~tornado.iostream.IOStream` should now always call the close callback |
| instead of the connect callback on a connection error. |
| * The `IOStream` close callback will no longer be called while there |
| are pending read callbacks that can be satisfied with buffered data. |
| |
| |
| ``tornado.simple_httpclient`` |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| |
| * Now supports client SSL certificates with the ``client_key`` and |
| ``client_cert`` parameters to `tornado.httpclient.HTTPRequest` |
| * Now takes a maximum buffer size, to allow reading files larger than 100MB |
| * Now works with HTTP 1.0 servers that don't send a Content-Length header |
| * The ``allow_nonstandard_methods`` flag on HTTP client requests now |
| permits methods other than ``POST`` and ``PUT`` to contain bodies. |
| * Fixed file descriptor leaks and multiple callback invocations in |
| `SimpleAsyncHTTPClient` |
| * No longer consumes extra connection resources when following redirects. |
| * Now works with buggy web servers that separate headers with ``\n`` instead |
| of ``\r\n\r\n``. |
| * Now sets ``response.request_time`` correctly. |
| * Connect timeouts now work correctly. |
| |
| |
| Other modules |
| ~~~~~~~~~~~~~ |
| |
| * `tornado.auth.OpenIDMixin` now uses the correct realm when the |
| callback URI is on a different domain. |
| * `tornado.autoreload` has a new command-line interface which can be used |
| to wrap any script. This replaces the ``--autoreload`` argument to |
| `tornado.testing.main` and is more robust against syntax errors. |
| * `tornado.autoreload.watch` can be used to watch files other than |
| the sources of imported modules. |
| * `tornado.database.Connection` has new variants of ``execute`` and |
| ``executemany`` that return the number of rows affected instead of |
| the last inserted row id. |
| * `tornado.locale.load_translations` now accepts any properly-formatted |
| locale name, not just those in the predefined ``LOCALE_NAMES`` list. |
| * `tornado.options.define` now takes a ``group`` parameter to group options |
| in ``--help`` output. |
| * Template loaders now take a ``namespace`` constructor argument to add |
| entries to the template namespace. |
| * `tornado.websocket` now supports the latest ("hybi-10") version of the |
| protocol (the old version, "hixie-76" is still supported; the correct |
| version is detected automatically). |
| * `tornado.websocket` now works on Python 3 |
| |
| |
| Bug fixes |
| ~~~~~~~~~ |
| |
| * Windows support has been improved. Windows is still not an officially |
| supported platform, but the test suite now passes and |
| `tornado.autoreload` works. |
| * Uploading files whose names contain special characters will now work. |
| * Cookie values containing special characters are now properly quoted |
| and unquoted. |
| * Multi-line headers are now supported. |
| * Repeated Content-Length headers (which may be added by certain proxies) |
| are now supported in `HTTPServer`. |
| * Unicode string literals now work in template expressions. |
| * The template ``{% module %}`` directive now works even if applications |
| use a template variable named ``modules``. |
| * Requests with "Expect: 100-continue" now work on python 3 |
| |