diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md index 8b73dd55..6ba96c3c 100644 --- a/yesod-core/ChangeLog.md +++ b/yesod-core/ChangeLog.md @@ -10,6 +10,7 @@ holds its data in an `IORef` so that it is isomorphic to `ReaderT`, avoiding state-loss issues.. * Overhaul of `HandlerT`/`WidgetT` to no longer be transformers. +* Fix Haddock comment & simplify implementation for `contentTypeTypes` [#1476](https://github.com/yesodweb/yesod/issues/1476) ## 1.4.37.2 diff --git a/yesod-core/Yesod/Core/Content.hs b/yesod-core/Yesod/Core/Content.hs index 51b27cd6..d7668d8d 100644 --- a/yesod-core/Yesod/Core/Content.hs +++ b/yesod-core/Yesod/Core/Content.hs @@ -72,6 +72,7 @@ import Yesod.Core.Types import Text.Lucius (Css, renderCss) import Text.Julius (Javascript, unJavascript) import Data.Word8 (_semicolon, _slash) +import Control.Arrow (second) -- | Zero-length enumerator. emptyContent :: Content @@ -222,13 +223,13 @@ typeOctet = "application/octet-stream" simpleContentType :: ContentType -> ContentType simpleContentType = fst . B.break (== _semicolon) --- Give just the media types as a pair. +-- | Give just the media types as a pair. +-- -- For example, \"text/html; charset=utf-8\" returns ("text", "html") contentTypeTypes :: ContentType -> (B.ByteString, B.ByteString) -contentTypeTypes ct = (main, fst $ B.break (== _semicolon) (tailEmpty sub)) +contentTypeTypes = second tailEmpty . B.break (== _slash) . simpleContentType where tailEmpty x = if B.null x then "" else B.tail x - (main, sub) = B.break (== _slash) ct instance HasContentType a => HasContentType (DontFullyEvaluate a) where getContentType = getContentType . liftM unDontFullyEvaluate diff --git a/yesod-core/Yesod/Core/Handler.hs b/yesod-core/Yesod/Core/Handler.hs index 886c7a07..67f99216 100644 --- a/yesod-core/Yesod/Core/Handler.hs +++ b/yesod-core/Yesod/Core/Handler.hs @@ -1444,6 +1444,23 @@ sendChunkHtml = sendChunk -- The form-based approach has the advantage of working for users with Javascript disabled, while adding the token to the headers with Javascript allows things like submitting JSON or binary data in AJAX requests. Yesod supports checking for a CSRF token in either the POST parameters of the form ('checkCsrfParamNamed'), the headers ('checkCsrfHeaderNamed'), or both options ('checkCsrfHeaderOrParam'). -- -- The easiest way to check both sources is to add the 'Yesod.Core.defaultCsrfMiddleware' to your Yesod Middleware. +-- +-- === Opting-out of CSRF checking for specific routes +-- +-- (Note: this code is generic to opting out of any Yesod middleware) +-- +-- @ +-- 'yesodMiddleware' app = do +-- maybeRoute <- 'getCurrentRoute' +-- let dontCheckCsrf = case maybeRoute of +-- Just HomeR -> True -- Don't check HomeR +-- Nothing -> True -- Don't check for 404s +-- _ -> False -- Check other routes +-- +-- 'defaultYesodMiddleware' $ 'defaultCsrfSetCookieMiddleware' $ (if dontCheckCsrf then 'id' else 'defaultCsrfCheckMiddleware') $ app +-- @ +-- +-- This can also be implemented using the 'csrfCheckMiddleware' function. -- | The default cookie name for the CSRF token ("XSRF-TOKEN"). --