diff --git a/docs/_newsfragments/2090.breakingchange.rst b/docs/_newsfragments/2090.breakingchange.rst index 6e16920ca..34dbfe9fa 100644 --- a/docs/_newsfragments/2090.breakingchange.rst +++ b/docs/_newsfragments/2090.breakingchange.rst @@ -1,5 +1,4 @@ The deprecated ``api_helpers`` was removed in favor of the ``app_helpers`` -module. In addition, the deprecated ``body`` -attributes for the :class:`~falcon.Response`, -:class:`asgi.Response `, -and :class:`~falcon.HTTPStatus` classes. +module. In addition, the deprecated ``body`` attributes of the +:class:`~falcon.Response`, :class:`asgi.Response `, and +:class:`~falcon.HTTPStatus` classes were removed. diff --git a/docs/_newsfragments/2343.breakingchange.rst b/docs/_newsfragments/2343.breakingchange.rst index ba2284e25..4e6fa7fb9 100644 --- a/docs/_newsfragments/2343.breakingchange.rst +++ b/docs/_newsfragments/2343.breakingchange.rst @@ -1,5 +1,8 @@ -Removed ``is_async`` argument from :meth:`~falcon.media.validators.jsonschema.validate` -and the hooks :meth:`~falcon.before` and :meth:`~falcon.after` since it's -no longer needed. -Cython from 3.0 will correctly mark ``asnyc def`` as coroutine, making -this argument no longer useful. +The ``is_async`` keyword argument was removed from +:meth:`~falcon.media.validators.jsonschema.validate`, as well as the hooks +:meth:`~falcon.before` and :meth:`~falcon.after`, since it represented a niche +use case that is even less relevant with the recent advances in the ecosystem: +Cython 3.0+ will now correctly mark cythonized ``async def`` functions as +coroutines, and pure-Python factory functions that return a coroutine can now +be marked as such using :func:`inspect.markcoroutinefunction` +(Python 3.12+ is required). diff --git a/falcon/response.py b/falcon/response.py index afcc8941a..2a556c3f0 100644 --- a/falcon/response.py +++ b/falcon/response.py @@ -1371,7 +1371,7 @@ class ResponseOptions: secure_cookies_by_default: bool """Set to ``False`` in development environments to make the ``secure`` attribute - for all cookies. (default ``False``). + for all cookies. (default ``True``). This can make testing easier by not requiring HTTPS. Note, however, that this setting can be overridden via :meth:`~.Response.set_cookie()`'s ``secure`` kwarg.