overriding in a subclass. • Types for RequestHandler.get_body_argument and get_query_argument are improved and now match the get_argument method. • RequestHandler.get_cookie now has more accurate types longer allowed in (incoming) header values. • Handling of trailing whitespace in headers has been improved, especially with obs-fold continuation lines. • The Host header is now restricted to the set of Application setting xsrf_cookie_name can now be used to take advantage of the __Host cookie prefix for improved security. To use it, add {"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": {"secure": True}}

overriding in a subclass. Types for RequestHandler.get_body_argument and get_query_argument are improved and now match the get_argument method. RequestHandler.get_cookie now has more accurate types. The longer allowed in (incoming) header values. Handling of trailing whitespace in headers has been improved, especially with obs-fold continuation lines. The Host header is now restricted to the set of characters Application setting xsrf_cookie_name can now be used to take advantage of the __Host cookie prefix for improved security. To use it, add {"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": {"secure": True}}