What’s new in Tornado 2.1
Sep 20, 2011
Backwards-incompatible changes
- Support for secure cookies written by pre-1.0 releases of Tornado has
been removed. The RequestHandler.get_secure_cookie method no longer
takes an include_name parameter.
- The debug application setting now causes stack traces to be displayed
in the browser on uncaught exceptions. Since this may leak sensitive
information, debug mode is not recommended for public-facing servers.
Security fixes
- Diginotar has been removed from the default CA certificates file used
by SimpleAsyncHTTPClient.
New modules
- tornado.gen: A generator-based interface to simplify writing
asynchronous functions.
- tornado.netutil: Parts of tornado.httpserver have been extracted into
a new module for use with non-HTTP protocols.
- tornado.platform.twisted: A bridge between the Tornado IOLoop and the
Twisted Reactor, allowing code written for Twisted to be run on Tornado.
- tornado.process: Multi-process mode has been improved, and can now restart
crashed child processes. A new entry point has been added at
tornado.process.fork_processes, although
tornado.httpserver.HTTPServer.start is still supported.
tornado.web
- tornado.web.RequestHandler.write_error replaces get_error_html as the
preferred way to generate custom error pages (get_error_html is still
supported, but deprecated)
- In tornado.web.Application, handlers may be specified by
(fully-qualified) name instead of importing and passing the class object
itself.
- It is now possible to use a custom subclass of StaticFileHandler
with the static_handler_class application setting, and this subclass
can override the behavior of the static_url method.
- StaticFileHandler subclasses can now override
get_cache_time to customize cache control behavior.
- tornado.web.RequestHandler.get_secure_cookie now has a max_age_days
parameter to allow applications to override the default one-month expiration.
- set_cookie now accepts a max_age keyword
argument to set the max-age cookie attribute (note underscore vs dash)
- tornado.web.RequestHandler.set_default_headers may be overridden to set
headers in a way that does not get reset during error handling.
- RequestHandler.add_header can now be used to set a header that can
appear multiple times in the response.
- RequestHandler.flush can now take a callback for flow control.
- The application/json content type can now be gzipped.
- The cookie-signing functions are now accessible as static functions
tornado.web.create_signed_value and tornado.web.decode_signed_value.
tornado.httpserver
- To facilitate some advanced multi-process scenarios, HTTPServer
has a new method add_sockets, and socket-opening code is
available separately as tornado.netutil.bind_sockets.
- The cookies property is now available on tornado.httpserver.HTTPRequest
(it is also available in its old location as a property of
RequestHandler)
- tornado.httpserver.HTTPServer.bind now takes a backlog argument with the
same meaning as socket.listen.
- HTTPServer can now be run on a unix socket as well
as TCP.
- Fixed exception at startup when socket.AI_ADDRCONFIG is not available,
as on Windows XP
IOLoop and IOStream
- IOStream performance has been improved, especially for
small synchronous requests.
- New methods tornado.iostream.IOStream.read_until_close and
tornado.iostream.IOStream.read_until_regex.
- IOStream.read_bytes and IOStream.read_until_close now take a
streaming_callback argument to return data as it is received rather
than all at once.
- IOLoop.add_timeout now accepts datetime.timedelta objects in addition
to absolute timestamps.
- PeriodicCallback now sticks to the specified period
instead of creeping later due to accumulated errors.
- tornado.ioloop.IOLoop and tornado.httpclient.HTTPClient now have
close() methods that should be used in applications that create
and destroy many of these objects.
- IOLoop.install can now be used to use a custom subclass of IOLoop
as the singleton without monkey-patching.
- IOStream should now always call the close callback
instead of the connect callback on a connection error.
- The IOStream close callback will no longer be called while there
are pending read callbacks that can be satisfied with buffered data.
tornado.simple_httpclient
- Now supports client SSL certificates with the client_key and
client_cert parameters to tornado.httpclient.HTTPRequest
- Now takes a maximum buffer size, to allow reading files larger than 100MB
- Now works with HTTP 1.0 servers that don’t send a Content-Length header
- The allow_nonstandard_methods flag on HTTP client requests now
permits methods other than POST and PUT to contain bodies.
- Fixed file descriptor leaks and multiple callback invocations in
SimpleAsyncHTTPClient
- No longer consumes extra connection resources when following redirects.
- Now works with buggy web servers that separate headers with \n instead
of \r\n\r\n.
- Now sets response.request_time correctly.
- Connect timeouts now work correctly.
Other modules
- tornado.auth.OpenIdMixin now uses the correct realm when the
callback URI is on a different domain.
- tornado.autoreload has a new command-line interface which can be used
to wrap any script. This replaces the --autoreload argument to
tornado.testing.main and is more robust against syntax errors.
- tornado.autoreload.watch can be used to watch files other than
the sources of imported modules.
- tornado.database.Connection has new variants of execute and
executemany that return the number of rows affected instead of
the last inserted row id.
- tornado.locale.load_translations now accepts any properly-formatted
locale name, not just those in the predefined LOCALE_NAMES list.
- tornado.options.define now takes a group parameter to group options
in --help output.
- Template loaders now take a namespace constructor argument to add
entries to the template namespace.
- tornado.websocket now supports the latest (“hybi-10”) version of the
protocol (the old version, “hixie-76” is still supported; the correct
version is detected automatically).
- tornado.websocket now works on Python 3
Bug fixes
- Windows support has been improved. Windows is still not an officially
supported platform, but the test suite now passes and
tornado.autoreload works.
- Uploading files whose names contain special characters will now work.
- Cookie values containing special characters are now properly quoted
and unquoted.
- Multi-line headers are now supported.
- Repeated Content-Length headers (which may be added by certain proxies)
are now supported in HTTPServer.
- Unicode string literals now work in template expressions.
- The template {% module %} directive now works even if applications
use a template variable named modules.
- Requests with “Expect: 100-continue” now work on python 3