What's new in Tornado 1.1.1

Feb 8, 2011

Tornado 1.1.1 is a BACKWARDS-INCOMPATIBLE security update that fixes an
XSRF vulnerability. It is available at
https://github.com/downloads/facebook/tornado/tornado-1.1.1.tar.gz

This is a backwards-incompatible change. Applications that previously
relied on a blanket exception for XMLHTTPRequest may need to be modified
to explicitly include the XSRF token when making ajax requests.

The tornado chat demo application demonstrates one way of adding this
token (specifically the function postJSON in demos/chat/static/chat.js).

More information about this change and its justification can be found at
http://www.djangoproject.com/weblog/2011/feb/08/security/
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
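An added example, not taken from the release notes or from Tornado's code: a client helper that puts the token into a POST body as the note requires, next to a simplified model of the server-side check with and without the old XMLHttpRequest exemption. It assumes Tornado's `_xsrf` cookie and form-field name; `getCookie`, `buildPostBody`, `xsrfCheckPasses` and the sample values are hypothetical and constructed for illustration.

```javascript
// Added example. "_xsrf" is the cookie and form-field name Tornado uses;
// every function name and sample value below is hypothetical.

// Read one cookie value from a document.cookie / Cookie-header style string.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return undefined;
}

// Build a form-encoded POST body that carries the XSRF token explicitly.
// In a browser, pass document.cookie as cookieString.
function buildPostBody(args, cookieString) {
  const token = getCookie(cookieString, "_xsrf");
  if (!token) throw new Error("no _xsrf cookie: load a page that sets it first");
  const params = new URLSearchParams(args);
  params.set("_xsrf", token); // always overrides a caller-supplied value
  return params.toString();
}

// Simplified model of the server check. legacyAjaxExemption = true models the
// blanket exception that 1.1.1 removes; false models the behaviour after it.
function xsrfCheckPasses(req, legacyAjaxExemption) {
  if (legacyAjaxExemption &&
      req.headers["x-requested-with"] === "XMLHttpRequest") {
    return true; // old behaviour: the token was never looked at
  }
  const cookieToken = getCookie(req.headers["cookie"] || "", "_xsrf");
  const bodyToken = new URLSearchParams(req.body).get("_xsrf");
  return Boolean(cookieToken) && bodyToken === cookieToken;
}

// Constructed sample requests.
const SAMPLE_COOKIES = "user=alice; _xsrf=2f6c0a9b7d";
const AJAX_HEADERS = { "x-requested-with": "XMLHttpRequest", cookie: SAMPLE_COOKIES };
const ajaxWithoutToken = { headers: AJAX_HEADERS, body: "body=hello" };
const ajaxWithToken = {
  headers: AJAX_HEADERS,
  body: buildPostBody({ body: "hello" }, SAMPLE_COOKIES),
};

console.log("old check, no token :", xsrfCheckPasses(ajaxWithoutToken, true));
console.log("new check, no token :", xsrfCheckPasses(ajaxWithoutToken, false));
console.log("new check, token    :", xsrfCheckPasses(ajaxWithToken, false));
```

An ajax call that used to pass only because of its `X-Requested-With` header is the one that starts failing after the upgrade, which is the case to look for when auditing client code.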

Original:

https://tornado-zh-cn.readthedocs.io/zh_CN/latest/releases/v1.1.1.html