‘checkCsrfHeaderNamed’ → ‘checkCsrfParamNamed’
Also removed trailing whitespace. Actual typo fix is on line 1318.
This commit is contained in:
mrkkrp
parent
bb02d2b911
commit
15c1573538
@ -1315,7 +1315,7 @@ stripHandlerT (HandlerT f) getSub toMaster newRoute = HandlerT $ \hd -> do
|
|||||||
--
|
--
|
||||||
-- (2) Yesod can store the CSRF token in a cookie which is accessible by Javascript. Requests made by Javascript can lookup this cookie and add it as a header to requests. The server then checks the token in the header against the one in the encrypted session.
|
-- (2) Yesod can store the CSRF token in a cookie which is accessible by Javascript. Requests made by Javascript can lookup this cookie and add it as a header to requests. The server then checks the token in the header against the one in the encrypted session.
|
||||||
--
|
--
|
||||||
-- The form-based approach has the advantage of working for users with Javascript disabled, while adding the token to the headers with Javascript allows things like submitting JSON or binary data in AJAX requests. Yesod supports checking for a CSRF token in either the POST parameters of the form ('checkCsrfHeaderNamed'), the headers ('checkCsrfHeaderNamed'), or both options ('checkCsrfHeaderOrParam').
|
-- The form-based approach has the advantage of working for users with Javascript disabled, while adding the token to the headers with Javascript allows things like submitting JSON or binary data in AJAX requests. Yesod supports checking for a CSRF token in either the POST parameters of the form ('checkCsrfParamNamed'), the headers ('checkCsrfHeaderNamed'), or both options ('checkCsrfHeaderOrParam').
|
||||||
--
|
--
|
||||||
-- The easiest way to check both sources is to add the 'defaultCsrfMiddleware' to your Yesod Middleware.
|
-- The easiest way to check both sources is to add the 'defaultCsrfMiddleware' to your Yesod Middleware.
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user