There is a security risk with generic views (they expose all variables 
returned in the dict by the controller action, including all fields in any 
returned database selects, and sometimes developers 
unintentionally/unknowingly return more than they want to explicitly 
expose). You can enable some/all generic views for some/all requests by 
specifying response.generic_patterns somewhere. It should be a list of globs 
that match the controller/function.extension for which you want to enable 
generic views.
 
response.generic_patterns = ['*']    # will enable all generic views for all requests
 
# will enable generic.json (if you put this in your controller or function,
# it will only enable it for that controller/function)
response.generic_patterns = ['json']
 
Note, the current 'welcome' app enables all generic views, but only for 
local requests (there is a line in db.py that does this).
 
Anthony

On Wednesday, August 17, 2011 9:46:47 AM UTC-4, Joseph.Piron wrote:

> Hi guys, quite a weirdo right here :) 
>
> I was on web2py 1.95.2 and everything was fine with my applications in 
> production. 
> To stay put, I have decided to upgrade to the last one 1.98.2 and 
> validate everything works.. and ... it doesn't .. :'( 
>
> I have a controller serving db information through a simple json 
> service and now, well I call for example 
> http://localhost/app/control/item.json 
> it fails with the 404: invalid view (control/item.json). 
> Of course I don't have any control/item.json as I'd like it to just 
> use the generic.json.. 
>
> Can someone help me please ? Thanks !
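
An added example, not part of this thread and not web2py's own code: a stand-alone Python model of the glob check described in the reply, showing what a generic JSON view serializes when an action returns a whole row versus an explicit field list. The function names, the sample row and the search-style matching (which lets a bare 'json' match by extension) are assumptions made for illustration.

```python
import fnmatch
import json
import re

def generic_allowed(patterns, controller, function, extension):
    """Test the globs against 'controller/function.extension'."""
    if not patterns:
        return False  # empty list: no generic views at all
    # Assumption: each glob is translated to a regex and searched, so a
    # bare 'json' matches any action path that ends in 'json'.
    regex = re.compile('|'.join(fnmatch.translate(p) for p in patterns))
    path = '%s/%s.%s' % (controller, function, extension)
    return regex.search(path) is not None

# Constructed sample row standing in for a database select.
ROW = {'id': 1, 'name': 'widget',
       'owner_email': 'a@example.com', 'api_token': 's3cret'}

def item_leaky():
    # Returns the whole row: a generic view serializes every field in it.
    return dict(item=ROW)

def item_explicit():
    # Returns only the fields that are meant to reach clients.
    return dict(item={k: ROW[k] for k in ('id', 'name')})

def render_generic_json(action, patterns, controller='control', function='item'):
    """Hypothetical stand-in for generic.json: dump the action's dict if allowed."""
    if not generic_allowed(patterns, controller, function, 'json'):
        return '404: invalid view (%s/%s.json)' % (controller, function)
    return json.dumps(action(), sort_keys=True)

if __name__ == '__main__':
    # No patterns: the behaviour reported in the question.
    print(render_generic_json(item_leaky, []))
    # Everything enabled: the token and e-mail address leave the server.
    print(render_generic_json(item_leaky, ['*']))
    # Scoped pattern plus explicit fields: only id and name are exposed.
    print(render_generic_json(item_explicit, ['control/item.json']))
```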
