seen_nonce receives sender's id #10
Conversation
Breaking change to reflect the latest hawk.js spec. mozilla/hawk#141 This is necessary in order to avoid false collisions with other requests sharing the same timestamp and nonce values
|
Thanks for the patch. We could do a fancy lookup on the callable with inspect.argspec() but I'm not sure it's worth the effort. I think it's fine. I'll just add a big warning in the release notes. If you feel like it, hawkrest will need a patch too in the nonce lookup. It hooks into Django's cache API for nonce checks. Some usage info: http://hawkrest.readthedocs.org/en/latest/usage.html#django-configuration |
seen_nonce receives sender's id
|
When making the changes for hawk.js I did a similar thing to your inspect.argspec() suggestion. Eran just had me back it out and then put in the breaking changes. I agree that the warning would be the way to go. Besides, hopefully no one is rolling library version changes to prod without testing first. :) I'll take a look at the hawkrest project, too. Thanks! |
This also swaps py33 tests for py34 because, meh. See also #10
Breaking change to reflect latest hawk.js spec.
The seen_nonce() function now receives the sender's id in order to avoid false collisions with other requests sharing the same timestamp and nonce values.
Related change in the hawk.js project: mozilla/hawk#141
This should probably engender at least a minor-version bump to indicate the api change.