WebOb


NameWebOb JSON
Version 1.8.8 PyPI version JSON
download
home_pagehttp://webob.org/
SummaryWSGI request and response object
upload_time2024-08-14 04:51:07
maintainerPylons Project
docs_urlNone
authorIan Bicking
requires_python!=3.0.*,!=3.1.*,!=3.2.*,>=2.7
licenseMIT
keywords wsgi request web http
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            WebOb
=====

.. image:: https://travis-ci.org/Pylons/webob.png?branch=master
        :target: https://travis-ci.org/Pylons/webob

.. image:: https://readthedocs.org/projects/webob/badge/?version=stable
        :target: https://docs.pylonsproject.org/projects/webob/en/stable/
        :alt: Documentation Status

WebOb provides objects for HTTP requests and responses.  Specifically
it does this by wrapping the `WSGI <http://wsgi.readthedocs.io/en/latest/>`_ request
environment and response status/headers/app_iter(body).

The request and response objects provide many conveniences for parsing
HTTP request and forming HTTP responses.  Both objects are read/write:
as a result, WebOb is also a nice way to create HTTP requests and
parse HTTP responses.

Support and Documentation
-------------------------

See the `WebOb Documentation website <https://docs.pylonsproject.org/projects/webob/en/stable/>`_ to view
documentation, report bugs, and obtain support.

License
-------

WebOb is offered under the `MIT-license
<https://docs.pylonsproject.org/projects/webob/en/stable/license.html>`_.

Authors
-------

WebOb was authored by Ian Bicking and is currently maintained by the `Pylons
Project <https://pylonsproject.org/>`_ and a team of contributors.

1.8.8 (2024-08-13)
------------------

Security Fix
~~~~~~~~~~~~

- The use of WebOb's Response object to redirect a request to a new location
  can lead to an open redirect if the Location header is not a full URI.

  See https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3
  and CVE-2024-42353

  Thanks to Sara Gao for the report

1.8.7 (2021-02-17)
------------------

Bugfix
~~~~~~

- Decoding deflate-encoded responses now supports data which is packed in
  a zlib container as it is supposed to be. The old, non-standard behaviour
  is still supported.

  See https://github.com/Pylons/webob/pull/426


1.8.6 (2020-01-21)
------------------

Experimental Features
~~~~~~~~~~~~~~~~~~~~~

- The SameSite value now includes a new option named "None", this is a new
  change that was introduced in
  https://tools.ietf.org/html/draft-west-cookie-incrementalism-00

  Please be aware that older clients are incompatible with this change:
  https://www.chromium.org/updates/same-site/incompatible-clients, WebOb does
  not enable SameSite on cookies by default, so there is no backwards
  incompatible change here.

  See https://github.com/Pylons/webob/issues/406

- Validation of SameSite values can be disabled by toggling a module flag. This
  is in anticipation of future changes in evolving cookie standards.
  The discussion in https://github.com/Pylons/webob/pull/407 (which initially
  expanded the allowed options) notes the sudden change to browser cookie
  implementation details may happen again.

  In May 2019, Google announced a new model for privacy controls in their
  browsers, which affected the list of valid options for the SameSite attribute
  of cookies. In late 2019, the company began to roll out these changes to their
  browsers to force developer adoption of the new specification.
  See https://www.chromium.org/updates/same-site and
  https://blog.chromium.org/2019/10/developers-get-ready-for-new.html for more
  details on this change.

  See https://github.com/Pylons/webob/pull/409

1.8.5 (2019-01-03)
------------------

Warnings
~~~~~~~~

- Fixed one last remaining invalid escape sequence in a docstring.

1.8.4 (2018-11-11)
------------------

Bugfix
~~~~~~

- Response.content_type now accepts unicode strings on Python 2 and encodes
  them to latin-1. See https://github.com/Pylons/webob/pull/389 and
  https://github.com/Pylons/webob/issues/388

- Accept header classes now support a .copy() function that may be used to
  create a copy. This allows ``create_accept_header`` and other like functions
  to accept an pre-existing Accept header. See
  https://github.com/Pylons/webob/pull/386 and
  https://github.com/Pylons/webob/issues/385

Warnings
~~~~~~~~

- Some backslashes introduced with the new accept handling code were causing
  DeprecationWarnings upon compiling the source to pyc files, all of the
  backslashes have been reigned in as appropriate, and users should no longer
  see DeprecationWarnings for invalid escape sequence. See
  https://github.com/Pylons/webob/issues/384

1.8.3 (2018-10-14)
------------------

Bugfix
~~~~~~

- ``acceptparse.AcceptValidHeader``, ``acceptparse.AcceptInvalidHeader``, and
  ``acceptparse.AcceptNoHeader`` will now always ignore offers that do not
  match the required media type grammar when calling ``.acceptable_offers()``.
  Previous versions raised a ``ValueError`` for invalid offers in
  ``AcceptValidHeader`` and returned them as acceptable in the others.
  See https://github.com/Pylons/webob/pull/372

Feature
~~~~~~~

- Add Request.remote_host, exposing REMOTE_HOST environment variable.

- Added ``acceptparse.Accept.parse_offer`` to codify what types of offers
  are compatible with ``acceptparse.AcceptValidHeader.acceptable_offers``,
  ``acceptparse.AcceptMissingHeader.acceptable_offers``, and
  ``acceptparse.AcceptInvalidHeader.acceptable_offers``. This API also
  normalizes the offer with lowercased type/subtype and parameter names.
  See https://github.com/Pylons/webob/pull/376 and
  https://github.com/Pylons/webob/pull/379

1.8.2 (2018-06-05)
------------------

Bugfix
~~~~~~

- SameSite may now be passed as str or bytes to `Response.set_cookie` and
  `cookies.make_cookie`. This was an oversight as all other arguments would be
  correctly coerced before being serialized. See
  https://github.com/Pylons/webob/issues/361 and
  https://github.com/Pylons/webob/pull/362


1.8.1 (2018-04-10)
------------------

Bugfix
~~~~~~

- acceptparse.MIMEAccept which is deprecated in WebOb 1.8.0 made a backwards
  incompatible change that led to it raising on an invalid Accept header. This
  behaviour has now been reversed, as well as some other fixes to allow
  MIMEAccept to behave more like the old version. See
  https://github.com/Pylons/webob/pull/356

1.8.0 (2018-04-04)
------------------

Feature
~~~~~~~

- ``request.POST`` now supports any requests with the appropriate
  Content-Type. Allowing any HTTP method to access form encoded content,
  including DELETE, PUT, and others. See
  https://github.com/Pylons/webob/pull/352

Compatibility
~~~~~~~~~~~~~

- WebOb is no longer officially supported on Python 3.3 which was EOL'ed on
  2017-09-29.

Backwards Incompatibilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Many changes have been made to the way WebOb does Accept handling, not just
  for the Accept header itself, but also for Accept-Charset, Accept-Encoding
  and Accept-Language. This was a `Google Summer of Code
  <https://developers.google.com/open-source/gsoc/>`_ project completed by
  Whiteroses (https://github.com/whiteroses). Many thanks to Google for running
  GSoC, the Python Software Foundation for organising and a huge thanks to Ira
  for completing the work. See https://github.com/Pylons/webob/pull/338 and
  https://github.com/Pylons/webob/pull/335. Documentation is available at
  https://docs.pylonsproject.org/projects/webob/en/master/api/webob.html

- When calling a ``@wsgify`` decorated function, the default arguments passed
  to ``@wsgify`` are now used when called with the request, and not as a
  `start_response`

  .. code::

     def hello(req, name):
         return "Hello, %s!" % name
     app = wsgify(hello, args=("Fred",))

     req = Request.blank('/')
     resp = req.get_response(app)  # => "Hello, Fred"
     resp2 = app(req) # => "Hello, Fred"

  Previously the ``resp2`` line would have failed with a ``TypeError``. With
  this change there is no way to override the default arguments with no
  arguments. See https://github.com/Pylons/webob/pull/203

- When setting ``app_iter`` on a ``Response`` object the ``content_md5`` header
  is no longer cleared. This behaviour is odd and disallows setting the
  ``content_md5`` and then returning an iterator for chunked content encoded
  responses. See https://github.com/Pylons/webob/issues/86

Experimental Features
~~~~~~~~~~~~~~~~~~~~~

These features are experimental and may change at any point in the future.

- The cookie APIs now have the ability to set the SameSite attribute on a
  cookie in both ``webob.cookies.make_cookie`` and
  ``webob.cookies.CookieProfile``. See https://github.com/Pylons/webob/pull/255

Bugfix
~~~~~~

- Exceptions now use string.Template.safe_substitute rather than
  string.Template.substitute. The latter would raise for missing mappings, the
  former will simply not substitute the missing variable. This is safer in case
  the WSGI environ does not contain the keys necessary for the body template.
  See https://github.com/Pylons/webob/issues/345.

- Request.host_url, Request.host_port, Request.domain correctly parse IPv6 Host
  headers as provided by a browser. See
  https://github.com/Pylons/webob/pull/332

- Request.authorization would raise ValueError for unusual or malformed header
  values. See https://github.com/Pylons/webob/issues/231

- Allow unnamed fields in form data to be properly transcoded when calling
  request.decode with an alternate encoding. See
  https://github.com/Pylons/webob/pull/309

- ``Response.__init__`` would discard ``app_iter`` when a ``Response`` had no
  body, this would cause issues when ``app_iter`` was an object that was tied
  to the life-cycle of a web application and had to be properly closed.
  ``app_iter`` is more advanced API for ``Response`` and thus even if it
  contains a body and is thus against the HTTP RFC's, we should let the users
  shoot themselves by returning a body. See
  https://github.com/Pylons/webob/issues/305

            

Raw data

            {
    "_id": null,
    "home_page": "http://webob.org/",
    "name": "WebOb",
    "maintainer": "Pylons Project",
    "docs_url": null,
    "requires_python": "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7",
    "maintainer_email": null,
    "keywords": "wsgi request web http",
    "author": "Ian Bicking",
    "author_email": "ianb@colorstudy.com",
    "download_url": "https://files.pythonhosted.org/packages/a2/7a/ac5b1ab5636cc3bfc9bab1ed54ff4e8fdeb6367edd911f7337be2248b8ab/webob-1.8.8.tar.gz",
    "platform": null,
    "description": "WebOb\n=====\n\n.. image:: https://travis-ci.org/Pylons/webob.png?branch=master\n        :target: https://travis-ci.org/Pylons/webob\n\n.. image:: https://readthedocs.org/projects/webob/badge/?version=stable\n        :target: https://docs.pylonsproject.org/projects/webob/en/stable/\n        :alt: Documentation Status\n\nWebOb provides objects for HTTP requests and responses.  Specifically\nit does this by wrapping the `WSGI <http://wsgi.readthedocs.io/en/latest/>`_ request\nenvironment and response status/headers/app_iter(body).\n\nThe request and response objects provide many conveniences for parsing\nHTTP request and forming HTTP responses.  Both objects are read/write:\nas a result, WebOb is also a nice way to create HTTP requests and\nparse HTTP responses.\n\nSupport and Documentation\n-------------------------\n\nSee the `WebOb Documentation website <https://docs.pylonsproject.org/projects/webob/en/stable/>`_ to view\ndocumentation, report bugs, and obtain support.\n\nLicense\n-------\n\nWebOb is offered under the `MIT-license\n<https://docs.pylonsproject.org/projects/webob/en/stable/license.html>`_.\n\nAuthors\n-------\n\nWebOb was authored by Ian Bicking and is currently maintained by the `Pylons\nProject <https://pylonsproject.org/>`_ and a team of contributors.\n\n1.8.8 (2024-08-13)\n------------------\n\nSecurity Fix\n~~~~~~~~~~~~\n\n- The use of WebOb's Response object to redirect a request to a new location\n  can lead to an open redirect if the Location header is not a full URI.\n\n  See https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3\n  and CVE-2024-42353\n\n  Thanks to Sara Gao for the report\n\n1.8.7 (2021-02-17)\n------------------\n\nBugfix\n~~~~~~\n\n- Decoding deflate-encoded responses now supports data which is packed in\n  a zlib container as it is supposed to be. The old, non-standard behaviour\n  is still supported.\n\n  See https://github.com/Pylons/webob/pull/426\n\n\n1.8.6 (2020-01-21)\n------------------\n\nExperimental Features\n~~~~~~~~~~~~~~~~~~~~~\n\n- The SameSite value now includes a new option named \"None\", this is a new\n  change that was introduced in\n  https://tools.ietf.org/html/draft-west-cookie-incrementalism-00\n\n  Please be aware that older clients are incompatible with this change:\n  https://www.chromium.org/updates/same-site/incompatible-clients, WebOb does\n  not enable SameSite on cookies by default, so there is no backwards\n  incompatible change here.\n\n  See https://github.com/Pylons/webob/issues/406\n\n- Validation of SameSite values can be disabled by toggling a module flag. This\n  is in anticipation of future changes in evolving cookie standards.\n  The discussion in https://github.com/Pylons/webob/pull/407 (which initially\n  expanded the allowed options) notes the sudden change to browser cookie\n  implementation details may happen again.\n\n  In May 2019, Google announced a new model for privacy controls in their\n  browsers, which affected the list of valid options for the SameSite attribute\n  of cookies. In late 2019, the company began to roll out these changes to their\n  browsers to force developer adoption of the new specification.\n  See https://www.chromium.org/updates/same-site and\n  https://blog.chromium.org/2019/10/developers-get-ready-for-new.html for more\n  details on this change.\n\n  See https://github.com/Pylons/webob/pull/409\n\n1.8.5 (2019-01-03)\n------------------\n\nWarnings\n~~~~~~~~\n\n- Fixed one last remaining invalid escape sequence in a docstring.\n\n1.8.4 (2018-11-11)\n------------------\n\nBugfix\n~~~~~~\n\n- Response.content_type now accepts unicode strings on Python 2 and encodes\n  them to latin-1. See https://github.com/Pylons/webob/pull/389 and\n  https://github.com/Pylons/webob/issues/388\n\n- Accept header classes now support a .copy() function that may be used to\n  create a copy. This allows ``create_accept_header`` and other like functions\n  to accept an pre-existing Accept header. See\n  https://github.com/Pylons/webob/pull/386 and\n  https://github.com/Pylons/webob/issues/385\n\nWarnings\n~~~~~~~~\n\n- Some backslashes introduced with the new accept handling code were causing\n  DeprecationWarnings upon compiling the source to pyc files, all of the\n  backslashes have been reigned in as appropriate, and users should no longer\n  see DeprecationWarnings for invalid escape sequence. See\n  https://github.com/Pylons/webob/issues/384\n\n1.8.3 (2018-10-14)\n------------------\n\nBugfix\n~~~~~~\n\n- ``acceptparse.AcceptValidHeader``, ``acceptparse.AcceptInvalidHeader``, and\n  ``acceptparse.AcceptNoHeader`` will now always ignore offers that do not\n  match the required media type grammar when calling ``.acceptable_offers()``.\n  Previous versions raised a ``ValueError`` for invalid offers in\n  ``AcceptValidHeader`` and returned them as acceptable in the others.\n  See https://github.com/Pylons/webob/pull/372\n\nFeature\n~~~~~~~\n\n- Add Request.remote_host, exposing REMOTE_HOST environment variable.\n\n- Added ``acceptparse.Accept.parse_offer`` to codify what types of offers\n  are compatible with ``acceptparse.AcceptValidHeader.acceptable_offers``,\n  ``acceptparse.AcceptMissingHeader.acceptable_offers``, and\n  ``acceptparse.AcceptInvalidHeader.acceptable_offers``. This API also\n  normalizes the offer with lowercased type/subtype and parameter names.\n  See https://github.com/Pylons/webob/pull/376 and\n  https://github.com/Pylons/webob/pull/379\n\n1.8.2 (2018-06-05)\n------------------\n\nBugfix\n~~~~~~\n\n- SameSite may now be passed as str or bytes to `Response.set_cookie` and\n  `cookies.make_cookie`. This was an oversight as all other arguments would be\n  correctly coerced before being serialized. See\n  https://github.com/Pylons/webob/issues/361 and\n  https://github.com/Pylons/webob/pull/362\n\n\n1.8.1 (2018-04-10)\n------------------\n\nBugfix\n~~~~~~\n\n- acceptparse.MIMEAccept which is deprecated in WebOb 1.8.0 made a backwards\n  incompatible change that led to it raising on an invalid Accept header. This\n  behaviour has now been reversed, as well as some other fixes to allow\n  MIMEAccept to behave more like the old version. See\n  https://github.com/Pylons/webob/pull/356\n\n1.8.0 (2018-04-04)\n------------------\n\nFeature\n~~~~~~~\n\n- ``request.POST`` now supports any requests with the appropriate\n  Content-Type. Allowing any HTTP method to access form encoded content,\n  including DELETE, PUT, and others. See\n  https://github.com/Pylons/webob/pull/352\n\nCompatibility\n~~~~~~~~~~~~~\n\n- WebOb is no longer officially supported on Python 3.3 which was EOL'ed on\n  2017-09-29.\n\nBackwards Incompatibilities\n~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n- Many changes have been made to the way WebOb does Accept handling, not just\n  for the Accept header itself, but also for Accept-Charset, Accept-Encoding\n  and Accept-Language. This was a `Google Summer of Code\n  <https://developers.google.com/open-source/gsoc/>`_ project completed by\n  Whiteroses (https://github.com/whiteroses). Many thanks to Google for running\n  GSoC, the Python Software Foundation for organising and a huge thanks to Ira\n  for completing the work. See https://github.com/Pylons/webob/pull/338 and\n  https://github.com/Pylons/webob/pull/335. Documentation is available at\n  https://docs.pylonsproject.org/projects/webob/en/master/api/webob.html\n\n- When calling a ``@wsgify`` decorated function, the default arguments passed\n  to ``@wsgify`` are now used when called with the request, and not as a\n  `start_response`\n\n  .. code::\n\n     def hello(req, name):\n         return \"Hello, %s!\" % name\n     app = wsgify(hello, args=(\"Fred\",))\n\n     req = Request.blank('/')\n     resp = req.get_response(app)  # => \"Hello, Fred\"\n     resp2 = app(req) # => \"Hello, Fred\"\n\n  Previously the ``resp2`` line would have failed with a ``TypeError``. With\n  this change there is no way to override the default arguments with no\n  arguments. See https://github.com/Pylons/webob/pull/203\n\n- When setting ``app_iter`` on a ``Response`` object the ``content_md5`` header\n  is no longer cleared. This behaviour is odd and disallows setting the\n  ``content_md5`` and then returning an iterator for chunked content encoded\n  responses. See https://github.com/Pylons/webob/issues/86\n\nExperimental Features\n~~~~~~~~~~~~~~~~~~~~~\n\nThese features are experimental and may change at any point in the future.\n\n- The cookie APIs now have the ability to set the SameSite attribute on a\n  cookie in both ``webob.cookies.make_cookie`` and\n  ``webob.cookies.CookieProfile``. See https://github.com/Pylons/webob/pull/255\n\nBugfix\n~~~~~~\n\n- Exceptions now use string.Template.safe_substitute rather than\n  string.Template.substitute. The latter would raise for missing mappings, the\n  former will simply not substitute the missing variable. This is safer in case\n  the WSGI environ does not contain the keys necessary for the body template.\n  See https://github.com/Pylons/webob/issues/345.\n\n- Request.host_url, Request.host_port, Request.domain correctly parse IPv6 Host\n  headers as provided by a browser. See\n  https://github.com/Pylons/webob/pull/332\n\n- Request.authorization would raise ValueError for unusual or malformed header\n  values. See https://github.com/Pylons/webob/issues/231\n\n- Allow unnamed fields in form data to be properly transcoded when calling\n  request.decode with an alternate encoding. See\n  https://github.com/Pylons/webob/pull/309\n\n- ``Response.__init__`` would discard ``app_iter`` when a ``Response`` had no\n  body, this would cause issues when ``app_iter`` was an object that was tied\n  to the life-cycle of a web application and had to be properly closed.\n  ``app_iter`` is more advanced API for ``Response`` and thus even if it\n  contains a body and is thus against the HTTP RFC's, we should let the users\n  shoot themselves by returning a body. See\n  https://github.com/Pylons/webob/issues/305\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "WSGI request and response object",
    "version": "1.8.8",
    "project_urls": {
        "Homepage": "http://webob.org/"
    },
    "split_keywords": [
        "wsgi",
        "request",
        "web",
        "http"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "c3c2fbc206db211c11ac85f2b440670ff6f43d44d7601f61b95628f56d271c21",
                "md5": "4c0b6ef764dd301d3a87a1894626773a",
                "sha256": "b60ba63f05c0cf61e086a10c3781a41fcfe30027753a8ae6d819c77592ce83ea"
            },
            "downloads": -1,
            "filename": "WebOb-1.8.8-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "4c0b6ef764dd301d3a87a1894626773a",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7",
            "size": 115289,
            "upload_time": "2024-08-14T04:51:05",
            "upload_time_iso_8601": "2024-08-14T04:51:05.727589Z",
            "url": "https://files.pythonhosted.org/packages/c3/c2/fbc206db211c11ac85f2b440670ff6f43d44d7601f61b95628f56d271c21/WebOb-1.8.8-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "a27aac5b1ab5636cc3bfc9bab1ed54ff4e8fdeb6367edd911f7337be2248b8ab",
                "md5": "2372b45cf0e0a3970daaa901fc9d0f64",
                "sha256": "2abc1555e118fc251e705fc6dc66c7f5353bb9fbfab6d20e22f1c02b4b71bcee"
            },
            "downloads": -1,
            "filename": "webob-1.8.8.tar.gz",
            "has_sig": false,
            "md5_digest": "2372b45cf0e0a3970daaa901fc9d0f64",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7",
            "size": 279035,
            "upload_time": "2024-08-14T04:51:07",
            "upload_time_iso_8601": "2024-08-14T04:51:07.068855Z",
            "url": "https://files.pythonhosted.org/packages/a2/7a/ac5b1ab5636cc3bfc9bab1ed54ff4e8fdeb6367edd911f7337be2248b8ab/webob-1.8.8.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-08-14 04:51:07",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "webob"
}
        
Elapsed time: 0.34252s