Support for secure cookies written by pre-1.0 releases of Tornado has
been removed. The RequestHandler.get_secure_cookie method no longer
takes an include_name parameter.
The debug application setting now causes stack traces to be displayed
in the browser on uncaught exceptions. Since this may leak sensitive
information, debug mode is not recommended for public-facing servers.
Security fixes
Diginotar has been removed from the default CA certificates file used
by SimpleAsyncHTTPClient.
New modules
tornado.gen: A generator-based interface to simplify writing
asynchronous functions.
tornado.platform.twisted: A bridge between the Tornado IOLoop and the
Twisted Reactor, allowing code written for Twisted to be run on Tornado.
tornado.process: Multi-process mode has been improved, and can now restart
crashed child processes. A new entry point has been added at
tornado.process.fork_processes, although
tornado.httpserver.HTTPServer.start is still supported.
tornado.web
tornado.web.RequestHandler.write_error replaces get_error_html as the
preferred way to generate custom error pages (get_error_html is still
supported, but deprecated)
In tornado.web.Application, handlers may be specified by
(fully-qualified) name instead of importing and passing the class object
itself.
It is now possible to use a custom subclass of StaticFileHandler
with the static_handler_class application setting, and this subclass
can override the behavior of the static_url method.
StaticFileHandler subclasses can now override
get_cache_time to customize cache control behavior.
The application/json content type can now be gzipped.
The cookie-signing functions are now accessible as static functions
tornado.web.create_signed_value and tornado.web.decode_signed_value.
tornado.httpserver
To facilitate some advanced multi-process scenarios, HTTPServer
has a new method add_sockets, and socket-opening code is
available separately as tornado.netutil.bind_sockets.
The cookies property is now available on tornado.httpserver.HTTPRequest
(it is also available in its old location as a property of
RequestHandler)
tornado.httpserver.HTTPServer.bind now takes a backlog argument with the
same meaning as socket.listen.
HTTPServer can now be run on a unix socket as well
as TCP.
Fixed exception at startup when socket.AI_ADDRCONFIG is not available,
as on Windows XP
IOLoop and IOStream
IOStream performance has been improved, especially for
small synchronous requests.
New methods tornado.iostream.IOStream.read_until_close and
tornado.iostream.IOStream.read_until_regex.
IOStream.read_bytes and IOStream.read_until_close now take a
streaming_callback argument to return data as it is received rather
than all at once.
Now takes a maximum buffer size, to allow reading files larger than 100MB
Now works with HTTP 1.0 servers that don’t send a Content-Length header
The allow_nonstandard_methods flag on HTTP client requests now
permits methods other than POST and PUT to contain bodies.
Fixed file descriptor leaks and multiple callback invocations in
SimpleAsyncHTTPClient
No longer consumes extra connection resources when following redirects.
Now works with buggy web servers that separate headers with \n instead
of \r\n\r\n.
Now sets response.request_time correctly.
Connect timeouts now work correctly.
Other modules
tornado.auth.OpenIdMixin now uses the correct realm when the
callback URI is on a different domain.
tornado.autoreload has a new command-line interface which can be used
to wrap any script. This replaces the --autoreload argument to
tornado.testing.main and is more robust against syntax errors.
Template loaders now take a namespace constructor argument to add
entries to the template namespace.
tornado.websocket now supports the latest (“hybi-10”) version of the
protocol (the old version, “hixie-76” is still supported; the correct
version is detected automatically).