plain 0.80.0__py3-none-any.whl → 0.82.0__py3-none-any.whl

plain/CHANGELOG.md

@@ -1,5 +1,28 @@
 # plain changelog
 
+## [0.82.0](https://github.com/dropseed/plain/releases/plain@0.82.0) (2025-10-29)
+
+### What's changed
+
+- The `DEFAULT_RESPONSE_HEADERS` setting can now be a callable that accepts a request argument, enabling dynamic header generation per request ([cb92905834](https://github.com/dropseed/plain/commit/cb92905834))
+- Added `request.csp_nonce` cached property for generating Content Security Policy nonces ([75071dcc70](https://github.com/dropseed/plain/commit/75071dcc70))
+- Simplified the preflight command by moving `plain preflight check` back to `plain preflight` ([40c2c4560e](https://github.com/dropseed/plain/commit/40c2c4560e))
+
+### Upgrade instructions
+
+- If you use `plain preflight check`, update to `plain preflight` (the `check` subcommand has been removed for simplicity)
+- If you use `plain preflight check --deploy`, update to `plain preflight --deploy`
+
+## [0.81.0](https://github.com/dropseed/plain/releases/plain@0.81.0) (2025-10-22)
+
+### What's changed
+
+- Removed support for category-specific error template fallbacks like `4xx.html` and `5xx.html` ([9513f7c4fa](https://github.com/dropseed/plain/commit/9513f7c4fa))
+
+### Upgrade instructions
+
+- If you have `4xx.html` or `5xx.html` error templates, rename them to specific status code templates (e.g., `404.html`, `500.html`) or remove them if you prefer the plain HTTP response fallback
+
 ## [0.80.0](https://github.com/dropseed/plain/releases/plain@0.80.0) (2025-10-22)
 
 ### What's changed

plain/cli/preflight.py

@@ -5,21 +5,13 @@ import click
 
 from plain import preflight
 from plain.packages import packages_registry
-from plain.preflight.registry import checks_registry
-from plain.runtime import settings
 
 
-@click.group("preflight")
-def preflight_cli() -> None:
-    """Run or manage preflight checks."""
-    pass
-
-
-@preflight_cli.command("check")
+@click.command("preflight")
 @click.option(
     "--deploy",
     is_flag=True,
-    help="Check deployment settings.",
+    help="Include deployment checks.",
 )
 @click.option(
     "--format",
@@ -32,14 +24,13 @@ def preflight_cli() -> None:
     is_flag=True,
     help="Hide progress output and warnings, only show errors.",
 )
-def check_command(deploy: bool, format: str, quiet: bool) -> None:
+def preflight_cli(deploy: bool, format: str, quiet: bool) -> None:
     """
-    Use the system check framework to validate entire Plain project.
+    Run preflight checks to validate your Plain project.
     Exit with error code if any errors are found. Warnings do not cause failure.
     """
     # Auto-discover and load preflight checks
     packages_registry.autodiscover_modules("preflight", include_app=True)
-
     if not quiet:
         click.secho("Running preflight checks...", dim=True, italic=True, err=True)
 
@@ -200,48 +191,3 @@ def check_command(deploy: bool, format: str, quiet: bool) -> None:
     # Exit with error if there are any errors (not warnings)
     if has_errors:
         sys.exit(1)
-
-
-@preflight_cli.command("list")
-def list_checks() -> None:
-    """List all available preflight checks."""
-    packages_registry.autodiscover_modules("preflight", include_app=True)
-
-    regular = []
-    deployment = []
-    silenced_checks = settings.PREFLIGHT_SILENCED_CHECKS
-
-    for name, (check_class, deploy) in sorted(checks_registry.checks.items()):
-        # Use class docstring as description
-        description = check_class.__doc__ or "No description"
-        # Get first line of docstring
-        description = description.strip().split("\n")[0]
-
-        is_silenced = name in silenced_checks
-        if deploy:
-            deployment.append((name, description, is_silenced))
-        else:
-            regular.append((name, description, is_silenced))
-
-    if regular:
-        click.echo("Regular checks:")
-        for name, description, is_silenced in regular:
-            silenced_text = (
-                click.style(" (silenced)", fg="red", dim=True) if is_silenced else ""
-            )
-            click.echo(
-                f"  {click.style(name)}: {click.style(description, dim=True)}{silenced_text}"
-            )
-
-    if deployment:
-        click.echo("\nDeployment checks:")
-        for name, description, is_silenced in deployment:
-            silenced_text = (
-                click.style(" (silenced)", fg="red", dim=True) if is_silenced else ""
-            )
-            click.echo(
-                f"  {click.style(name)}: {click.style(description, dim=True)}{silenced_text}"
-            )
-
-    if not regular and not deployment:
-        click.echo("No preflight checks found.")

plain/http/request.py

@@ -3,6 +3,7 @@ from __future__ import annotations
 import codecs
 import copy
 import json
+import secrets
 import uuid
 from collections.abc import Iterator
 from functools import cached_property
@@ -101,6 +102,16 @@ class Request:
     def headers(self) -> RequestHeaders:
         return RequestHeaders(self.meta)
 
+    @cached_property
+    def csp_nonce(self) -> str:
+        """Generate a cryptographically secure nonce for Content Security Policy.
+
+        The nonce is generated once per request and cached. It can be used in
+        CSP headers and templates to allow specific inline scripts/styles while
+        blocking others.
+        """
+        return secrets.token_urlsafe(16)
+
     @cached_property
     def accepted_types(self) -> list[MediaType]:
         """Return accepted media types sorted by quality value (highest first).

plain/internal/middleware/headers.py

@@ -13,8 +13,15 @@ class DefaultHeadersMiddleware(HttpMiddleware):
     def process_request(self, request: Request) -> Response:
         response = self.get_response(request)
 
-        for header, value in settings.DEFAULT_RESPONSE_HEADERS.items():
-            # Since we don't have a good way to *remote* default response headers,
+        # Support callable DEFAULT_RESPONSE_HEADERS for dynamic header generation
+        # (e.g., CSP nonces that change per request)
+        if callable(settings.DEFAULT_RESPONSE_HEADERS):
+            default_headers = settings.DEFAULT_RESPONSE_HEADERS(request)
+        else:
+            default_headers = settings.DEFAULT_RESPONSE_HEADERS
+
+        for header, value in default_headers.items():
+            # Since we don't have a good way to *remove* default response headers,
             # use allow users to set them to an empty string to indicate they should be removed.
             if header in response.headers and response.headers[header] == "":
                 del response.headers[header]

plain/preflight/README.md

@@ -13,7 +13,7 @@
 Preflight checks help identify issues with your settings or environment before running your application.
 
 ```bash
-plain preflight check
+plain preflight
 ```
 
 ## Development
@@ -22,31 +22,53 @@ If you use [`plain.dev`](/plain-dev/README.md) for local development, the Plain
 
 ## Deployment
 
-The `plain preflight check` command should often be part of your deployment process. Make sure to add the `--deploy` flag to the command to run checks that are only relevant in a production environment.
+The `plain preflight` command should often be part of your deployment process. Make sure to add the `--deploy` flag to the command to run checks that are only relevant in a production environment.
 
 ```bash
-plain preflight check --deploy
+plain preflight --deploy
 ```
 
 ## Custom preflight checks
 
-Use the `@register_check` decorator to add your own preflight check to the system. Just make sure that particular Python module is somehow imported so the check registration runs.
+Use the `@register_check` decorator to add your own preflight check to the system. Create a class that inherits from `PreflightCheck` and implements a `run()` method that returns a list of `PreflightResult` objects.
 
 ```python
-from plain.preflight import register_check, Error
-
-
-@register_check
-def custom_check(package_configs, **kwargs):
-    return Error("This is a custom error message.", id="custom.C001")
+from plain.preflight import PreflightCheck, PreflightResult, register_check
+
+
+@register_check("custom.example")
+class CustomCheck(PreflightCheck):
+    """Description of what this check validates."""
+
+    def run(self) -> list[PreflightResult]:
+        # Your check logic here
+        if some_condition:
+            return [
+                PreflightResult(
+                    fix="This is a custom error message.",
+                    id="custom.example_failed",
+                )
+            ]
+        return []
 ```
 
-For deployment-specific checks, add the `deploy` argument to the decorator.
+For deployment-specific checks, add `deploy=True` to the decorator.
 
 ```python
-@register_check(deploy=True)
-def custom_deploy_check(package_configs, **kwargs):
-    return Error("This is a custom error message for deployment.", id="custom.D001")
+@register_check("custom.deploy_example", deploy=True)
+class CustomDeployCheck(PreflightCheck):
+    """Description of what this deployment check validates."""
+
+    def run(self) -> list[PreflightResult]:
+        # Your deployment check logic here
+        if some_deploy_condition:
+            return [
+                PreflightResult(
+                    fix="This is a custom error message for deployment.",
+                    id="custom.deploy_example_failed",
+                )
+            ]
+        return []
 ```
 
 ## Silencing preflight checks

plain/views/README.md

@@ -257,7 +257,7 @@ HTTP errors are rendered using templates. Create templates for the errors users
 - `templates/403.html` - Forbidden
 - `templates/500.html` - Server error
 
-Plain looks for `{status_code}.html`, then `{category}.html` (e.g., `4xx.html`), then returns a plain HTTP response. Most apps only need the three specific templates above.
+Plain looks for `{status_code}.html` templates, then returns a plain HTTP response if not found. Most apps only need the three specific templates above.
 
 Templates receive `status_code` and `exception` in context.
 

plain/views/errors.py

@@ -29,10 +29,8 @@ class ErrorView(TemplateView):
         return context
 
     def get_template_names(self) -> list[str]:
-        # Try specific status code first (e.g. "404.html")
-        # Then fall back to category (e.g. "4xx.html" or "5xx.html")
-        category = f"{str(self.status_code)[0]}xx"
-        return [f"{self.status_code}.html", f"{category}.html"]
+        # Try specific status code template (e.g. "404.html")
+        return [f"{self.status_code}.html"]
 
     def get_request_handler(self) -> Callable[[], Any]:
         return self.get  # All methods (post, patch, etc.) will use the get()

{plain-0.80.0.dist-info → plain-0.82.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain
-Version: 0.80.0
+Version: 0.82.0
 Summary: A web framework for building products with Python.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

{plain-0.80.0.dist-info → plain-0.82.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 plain/AGENTS.md,sha256=As6EFSWWHJ9lYIxb2LMRqNRteH45SRs7a_VFslzF53M,1046
-plain/CHANGELOG.md,sha256=CZJXaqSX2G0nv_Bp-_VKzIuVGgDlwtFdD_cEek6ajpg,31725
+plain/CHANGELOG.md,sha256=LafG-4y2ZZGMobjIsHK5Iob3e47rA_umHo__6KUA1rI,33085
 plain/README.md,sha256=VvzhXNvf4I6ddmjBP9AExxxFXxs7RwyoxdgFm-W5dsg,4072
 plain/__main__.py,sha256=GK39854Lc_LO_JP8DzY9Y2MIQ4cQEl7SXFJy244-lC8,110
 plain/debug.py,sha256=C2OnFHtRGMrpCiHSt-P2r58JypgQZ62qzDBpV4mhtFM,855
@@ -30,7 +30,7 @@ plain/cli/docs.py,sha256=PU3v7Z7qgYFG-bClpuDg4JeWwC8uvLYX3ovkQDMseVs,1146
 plain/cli/formatting.py,sha256=e1doTFalAM11bD_Cvqeu6sTap81JrQcB-4kMjZzAHmY,2737
 plain/cli/install.py,sha256=mffSYBmSJSj44OPBfu53nBQoyoz4jk69DvppubIB0mU,2791
 plain/cli/output.py,sha256=uZTHZR-Axeoi2r6fgcDCpDA7iQSRrktBtTf1yBT5djI,1426
-plain/cli/preflight.py,sha256=5UXOowjiCMqsGIrpHg60f6Ptjk40rMiDSowN8wy5jSY,8541
+plain/cli/preflight.py,sha256=zpFTkk4yET3mosFBxHY5B-vSlLu1LXvAZ3hrcUZG-oo,6721
 plain/cli/print.py,sha256=7kv9ddXpwOHRSWp6FFLfX4wbmhV7neoOBlE0VcXWccw,238
 plain/cli/registry.py,sha256=Z52nVE2bC2h_B_SENnXctn3mx3UWB0qYg969DVP7XX8,1106
 plain/cli/runtime.py,sha256=YbGYfwkH0VxfuIMbOCwM9wSWiQKusPn_gVeGod8OFaE,743
@@ -61,7 +61,7 @@ plain/http/__init__.py,sha256=gUTIGh-GbSIlh3SP-Db-XAOX4P_j2hh2445w8Cm-zKQ,1032
 plain/http/cookie.py,sha256=x13G3LIr0jxnPK1NQRptmi0DrAq9PsivQnQTm4LKaW0,2191
 plain/http/middleware.py,sha256=TPs585IIFjgp-5uUAJtIoigH6uwTS3FJqwFSsQdayd4,960
 plain/http/multipartparser.py,sha256=3W9osVGV9LshNF3aAUCBp7OBYTgD6hN2jS7T15BIKCs,28350
-plain/http/request.py,sha256=ficL1Lh-71tU1SVFKD4beLEJsPk7eesZG0nPPbACMTk,26462
+plain/http/request.py,sha256=JexbxZ7EXbvi-J9kntAdIwR9p3vk2Cekb6UoFJXfK74,26850
 plain/http/response.py,sha256=9AlV1PfBsimNFW5LV-o9xcRvp1uXEFeXMnq1vAYPYh0,24971
 plain/internal/__init__.py,sha256=n2AgdfNelt_tp8CS9JDzHMy_aiTUMPGZiFFwKmNz2fg,262
 plain/internal/reloader.py,sha256=n7B-F-WeUXp37pAnvzKX9tcEbUxHSlYqa4gItyA_zko,2662
@@ -78,7 +78,7 @@ plain/internal/handlers/base.py,sha256=ZlpOYqd45X0wPYlmxHwXR5kyCkWBB6ZJeSGZka5VA
 plain/internal/handlers/exception.py,sha256=P7oTqVtKoIHBOxCml1BSgNBV_rQWyCHlO5hS87NVjXo,4872
 plain/internal/handlers/wsgi.py,sha256=d2Hcs4fzTSir6OvtpVromTw0RmmFAqTL4_EaBjoHtNU,8919
 plain/internal/middleware/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-plain/internal/middleware/headers.py,sha256=-lgba1Em1FiqFbaeI7bwCkd4yI-UuOnEf3vh1eKK87Q,1100
+plain/internal/middleware/headers.py,sha256=z3rmjIGGYV5JcAfAUm3tcdG34OFoEfYukJrwZsq7JIo,1425
 plain/internal/middleware/hosts.py,sha256=UXMts7cKA9ocOK-J8DAcZPbKYQtfVyLSLH2QQX3mKjM,5895
 plain/internal/middleware/https.py,sha256=8n990O0Ej5cRrBlfAnLW2nZ2mx0wn0002C4HuRhVpsM,1117
 plain/internal/middleware/slash.py,sha256=V_rTb9v8uMUR_N2TLETBwlJFItoL4WD9JnRyFaFs878,3073
@@ -92,7 +92,7 @@ plain/packages/README.md,sha256=iNqMtwFDVNf2TqKUzLKQW5Y4_GsssmdB4cVerzu27Ro,2674
 plain/packages/__init__.py,sha256=OpQny0xLplPdPpozVUUkrW2gB-IIYyDT1b4zMzOcCC4,160
 plain/packages/config.py,sha256=dxs_i-z6noQF_6j3lq11mhnQ1Bj10u2CXTJY0JgeQgc,3166
 plain/packages/registry.py,sha256=bmqY1rQau4MRpbf6DXkUVlqF4XJ9Mz2awSi5E7tCGd4,9032
-plain/preflight/README.md,sha256=vR43F_ls81hRSo7J2NNZ4VOMoRaJ1bS5JwA6l4ez36g,1782
+plain/preflight/README.md,sha256=tH3KctMH_Zrz4ohZXlhQAGuZmPw1mMa4jr-iE0SHvC4,2470
 plain/preflight/__init__.py,sha256=-uBIVLD1DlJUVypQsEcrOtaNAhECbOpKhyoz0c_WMhA,416
 plain/preflight/checks.py,sha256=kJcr-Hq5bsjKw1BUYR6r6nFg3Ecgrd1DS5SudUr4rSU,289
 plain/preflight/files.py,sha256=OjD76e-l_cDXJGHMk21LsoPp6V_HxD5v0zyvOKkEDu0,840
@@ -179,17 +179,17 @@ plain/utils/text.py,sha256=teav7elbqEtGnhKG3ajf-V9Hb-Gsg8uqDrogqWizqjI,10094
 plain/utils/timesince.py,sha256=a_-ZoPK_s3Pt998CW4rWp0clZ1XyK2x04hCqak2giII,5928
 plain/utils/timezone.py,sha256=M_I5yvs9NsHbtNBPJgHErvWw9vatzx4M96tRQs5gS3g,6823
 plain/utils/tree.py,sha256=rj_JpZ2kVD3UExWoKnsRdVCoRjvzkuVOONcHzREjSyw,4766
-plain/views/README.md,sha256=Kuw6tMfFp0-fu2aDFM0iCKV-FzgZmkPwd78cYKDXaUA,7438
+plain/views/README.md,sha256=F6RuNm2viDM3EGHCuy9rbmQaW-lrCVipdOfTEdWcEqY,7418
 plain/views/__init__.py,sha256=a-N1nkklVohJTtz0yD1MMaS0g66HviEjsKydNVVjvVc,392
 plain/views/base.py,sha256=yWh6S68PsYcH1dvRdibQIanBYkjo2iJ8IAbR2PTWQrk,4419
-plain/views/errors.py,sha256=og20lx5WGDiQ-thOAYtWNsfjuZiLLVydpk94k810j6A,1632
+plain/views/errors.py,sha256=fV9rGV1RSo10_0P9J-uIFprhrO5lDVlcJKpfyFV22gY,1495
 plain/views/exceptions.py,sha256=-YKH1Jd9Zm_yXiz797PVjJB6VWaPCTXClHIUkG2fq78,198
 plain/views/forms.py,sha256=ESZOXuo6IeYixp1RZvPb94KplkowRiwO2eGJCM6zJI0,2400
 plain/views/objects.py,sha256=5y0PoPPo07dQTTcJ_9kZcx0iI1O7regsooAIK4VqXQ0,5579
 plain/views/redirect.py,sha256=mIpSAFcaEyeLDyv4Fr6g_ektduG4Wfa6s6L-rkdazmM,2154
 plain/views/templates.py,sha256=9LgDMCv4C7JzLiyw8jHF-i4350ukwgixC_9y4faEGu0,1885
-plain-0.80.0.dist-info/METADATA,sha256=jweqjIZtRoFGSJ0YCjb5dF9bcOAsPZaGbrdTCB4ktY4,4516
-plain-0.80.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-plain-0.80.0.dist-info/entry_points.txt,sha256=1Ys2lsSeMepD1vz8RSrJopna0RQfUd951vYvCRsvl6A,45
-plain-0.80.0.dist-info/licenses/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
-plain-0.80.0.dist-info/RECORD,,
+plain-0.82.0.dist-info/METADATA,sha256=Az4gbY6JEIaJb3xC12DeYjEl2fezGU6GXHx64Ku1WLs,4516
+plain-0.82.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+plain-0.82.0.dist-info/entry_points.txt,sha256=1Ys2lsSeMepD1vz8RSrJopna0RQfUd951vYvCRsvl6A,45
+plain-0.82.0.dist-info/licenses/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
+plain-0.82.0.dist-info/RECORD,,