haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'simple-content-type' of https://github.com/JaSpa/yesod into better-monads

Browse Source
This commit is contained in:
Michael Snoyman 2018-01-21 11:13:05 +02:00
commit 0f09393c34
No known key found for this signature in database
GPG Key ID: A048E8C057E86876
3 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
yesod-core/ChangeLog.md
View File

@ -10,6 +10,7 @@
holds its data in an `IORef` so that it is isomorphic to `ReaderT`,
avoiding state-loss issues..
* Overhaul of `HandlerT`/`WidgetT` to no longer be transformers.
* Fix Haddock comment & simplify implementation for `contentTypeTypes` [#1476](https://github.com/yesodweb/yesod/issues/1476)
## 1.4.37.2

7
yesod-core/Yesod/Core/Content.hs
View File

@ -72,6 +72,7 @@ import Yesod.Core.Types
import Text.Lucius (Css, renderCss)
import Text.Julius (Javascript, unJavascript)
import Data.Word8 (_semicolon, _slash)
import Control.Arrow (second)
-- | Zero-length enumerator.
emptyContent :: Content
@ -222,13 +223,13 @@ typeOctet = "application/octet-stream"
simpleContentType :: ContentType -> ContentType
simpleContentType = fst . B.break (== _semicolon)
-- Give just the media types as a pair.
-- | Give just the media types as a pair.
--
-- For example, \"text/html; charset=utf-8\" returns ("text", "html")
contentTypeTypes :: ContentType -> (B.ByteString, B.ByteString)
contentTypeTypes ct = (main, fst $ B.break (== _semicolon) (tailEmpty sub))
contentTypeTypes = second tailEmpty . B.break (== _slash) . simpleContentType
where
tailEmpty x = if B.null x then "" else B.tail x
(main, sub) = B.break (== _slash) ct
instance HasContentType a => HasContentType (DontFullyEvaluate a) where
getContentType = getContentType . liftM unDontFullyEvaluate

17
yesod-core/Yesod/Core/Handler.hs
View File

@ -1444,6 +1444,23 @@ sendChunkHtml = sendChunk
-- The form-based approach has the advantage of working for users with Javascript disabled, while adding the token to the headers with Javascript allows things like submitting JSON or binary data in AJAX requests. Yesod supports checking for a CSRF token in either the POST parameters of the form ('checkCsrfParamNamed'), the headers ('checkCsrfHeaderNamed'), or both options ('checkCsrfHeaderOrParam').
--
-- The easiest way to check both sources is to add the 'Yesod.Core.defaultCsrfMiddleware' to your Yesod Middleware.
--
-- === Opting-out of CSRF checking for specific routes
--
-- (Note: this code is generic to opting out of any Yesod middleware)
--
-- @
-- 'yesodMiddleware' app = do
-- maybeRoute <- 'getCurrentRoute'
-- let dontCheckCsrf = case maybeRoute of
-- Just HomeR -> True -- Don't check HomeR
-- Nothing -> True -- Don't check for 404s
-- _ -> False -- Check other routes
--
-- 'defaultYesodMiddleware' $ 'defaultCsrfSetCookieMiddleware' $ (if dontCheckCsrf then 'id' else 'defaultCsrfCheckMiddleware') $ app
-- @
--
-- This can also be implemented using the 'csrfCheckMiddleware' function.
-- | The default cookie name for the CSRF token ("XSRF-TOKEN").
--