From 943dbdf3083eec84e1977012256a5b63999dfc58 Mon Sep 17 00:00:00 2001 From: Ben Darnell Date: Tue, 8 Jul 2014 22:49:30 -0400 Subject: [PATCH] Add XSRF change to the release notes. --- docs/releases/next.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/releases/next.rst b/docs/releases/next.rst index 2d99dd1f..5dcd20eb 100644 --- a/docs/releases/next.rst +++ b/docs/releases/next.rst @@ -269,6 +269,11 @@ Other notes * `.StaticFileHandler` now streams response bodies to the client. * New setting ``compress_response`` replaces the existing ``gzip`` setting; both names are accepted. +* XSRF cookies that were not generated by this module (i.e. strings without + any particular formatting) are once again accepted (as long as the + cookie and body/header match). This pattern was common for + testing and non-browser clients but was broken by the changes in + Tornado 3.2.2. `tornado.websocket` ~~~~~~~~~~~~~~~~~~~