From c39b165ff3b111c6266f61734b8f007d85cf0f16 Mon Sep 17 00:00:00 2001
From: Andrei Mikhailov
Date: Fri, 1 May 2020 00:40:11 -0300
Subject: [PATCH] increase the size of CSRF token
---
 yesod-core/ChangeLog.md | 4 ++++
 yesod-core/src/Yesod/Core/Internal/Request.hs | 2 +-
 yesod-core/yesod-core.cabal | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md
index 00ffc0ac..7c2f446f 100644
--- a/yesod-core/ChangeLog.md
+++ b/yesod-core/ChangeLog.md
@@ -1,5 +1,9 @@
 # ChangeLog for yesod-core
+## 1.6.18.1
+
+* Increase the size of CSRF token
+
 ## 1.6.18
 * Add functions for setting description and OG meta [#1663](https://github.com/yesodweb/yesod/pull/1663)
diff --git a/yesod-core/src/Yesod/Core/Internal/Request.hs b/yesod-core/src/Yesod/Core/Internal/Request.hs
index 7d34fe71..ffc71a0d 100644
--- a/yesod-core/src/Yesod/Core/Internal/Request.hs
+++ b/yesod-core/src/Yesod/Core/Internal/Request.hs
@@ -129,7 +129,7 @@ parseWaiRequest env session useToken mmaxBodySize =
 -- Already have a token, use it.
 Just bs -> Left $ Just $ decodeUtf8With lenientDecode bs
 -- Don't have a token, get a random generator and make a new one.
- Nothing -> Right $ fmap Just . randomString 10
+ Nothing -> Right $ fmap Just . randomString 40
 | otherwise = Left Nothing
 textQueryString :: W.Request -> [(Text, Text)]
diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal
index c0d20b6d..1054ca59 100644
--- a/yesod-core/yesod-core.cabal
+++ b/yesod-core/yesod-core.cabal
@@ -1,5 +1,5 @@
 name: yesod-core
-version: 1.6.18
+version: 1.6.18.1
 license: MIT
 license-file: LICENSE
 author: Michael Snoyman
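Review bot: In the `Request.hs` hunk, the `Just bs` branch just above the changed line still reuses whatever token is already in the session, so sessions created before the upgrade keep their 10-character token until they expire. If the short token is the concern, either fall through to the `Nothing` path when the stored value is shorter than the new length, or state in the ChangeLog entry that existing sessions are unaffected. The bare `40` would also be easier to audit as a named constant, for example `csrfTokenLength = 40`, with a comment giving the entropy it is meant to provide. That entropy depends on the alphabet and generator behind `randomString`, neither of which is visible here; the longer token only helps if that generator is cryptographically secure, so it is worth confirming. `parseWaiRequest` begins outside the hunk.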