haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,522 Commits 42 Branches 853 Tags 10 MiB
tooLargeResponseErrorMessage
Commit Graph

309 Commits

Author SHA1 Message Date
Maximilian Tagher
6b22a0b9be Give more detail in the error message for too large request bodies. 
* Just to be helpful to developers, give the maximum body length and their body length
* Also point developers to the function to change that value

(I don't think this leaks any sensitive info, because you can always binary search with different request body sizes to find the maximum allowable)
 2018-01-18 18:30:34 -08:00
Maximilian Tagher
5cdc0a39ac Document whitelisting certain routes to not need CSRF protection 
This question came up on the #yesod Slack channel and I think it's moderately common; I've seen it elsewhere.
 2017-12-29 23:44:08 -05:00
Sibi Prabakaran
323d7f4322
Fix haddock doc for the Yesod.Core.Unsafe module 2017-12-13 02:33:37 +05:30
Maximilian Tagher
1275cce1af Give better error messages when CSRF validation fails 
* This is important because historically these errors have tripped people up
* Making security as easy as possible is important so that it doesn't just get turned off
* Giving clear directions about where to get the CSRF token (a cookie) and where to send it (a header/param) is especially helpful to frontend developers not necessarily familiar with the backend codebase
 2017-11-26 09:00:30 -05:00
Josh Berman
79ab662a80 Fix docs on languages set and getMessageRender to use it (#1325) 2017-11-26 11:52:37 +02:00
Ian Duncan
05b2193e9f
Code review fixes for #1444 2017-09-08 09:00:12 +09:00
Ian Duncan
fd872cff40
Add support to yesod-core for weak etags 2017-09-06 10:08:45 +09:00
Sibi Prabakaran
7cfefdf3fa
Merge remote-tracking branch 'origin/master' into header-yesod 
Conflicts resolved in:
	yesod-core/ChangeLog.md
	yesod-core/yesod-core.cabal
 2017-07-28 17:01:03 +05:30
Michael Snoyman
4b34fe9c72
Fix deprecation warning for LTS 8 2017-07-23 12:25:29 +03:00
Sibi Prabakaran
617591aa4e
Do case insensitive equality on header name 2017-07-14 13:44:21 +05:30
Sibi Prabakaran
89fc6c46e2
Fix ordering logic in replaceHeader function 2017-07-13 16:29:08 +05:30
Sibi Prabakaran
18951b0de7
Update the replace logic to obey proper ordering 2017-07-13 12:42:30 +05:30
Sibi Prabakaran
8416bb6569
Add Haddock documentation for the added function 2017-07-13 11:27:03 +05:30
Sibi Prabakaran
3cec499c85
ScopedTypeVariables is also needed 2017-07-13 11:17:03 +05:30
Sibi Prabakaran
839b56b032
Implement replaceOrAddHeader function 2017-07-13 11:10:54 +05:30
James Parker
70f643b7e9 Merge branch 'master' of https://github.com/yesodweb/yesod into dev.jp 2017-06-01 11:24:54 -04:00
James Haver II
5ee51262de Update ChangeLog and Hackage comments 2017-05-12 01:04:13 +08:00
James Haver II
56b09eef93 Add WaiSubsiteWithAuth 2017-05-12 00:13:07 +08:00
James Parker
6b000ecfb4 Version bump and fix for old versions of TH. 2017-03-27 12:06:44 -04:00
James Parker
997714f4c2 Accept multiple argument types inside brackets 2017-03-27 02:42:47 -04:00
James Parker
adf89bcf84 Contexts can be parsed and included in instances. Standalone deriving is used when 
a context is provided. Type variables can be included in routes/TH.
 2017-03-27 00:10:32 -04:00
Sibi Prabakaran
470858f81c
Better Haddock rendering. Since -> @since 2017-02-17 00:21:31 +05:30
Sibi Prabakaran
797278243e
Add and export getPostParams function 2017-02-17 00:18:17 +05:30
Michael Snoyman
aefd074efa Cleanup GHC 8 redundant constraints 2017-02-05 13:35:12 +02:00
Michael Snoyman
3dc2d10b30 Compile with -Wall -Werror 2017-02-05 12:09:18 +02:00
Michael Snoyman
64ed0792bc Check mime-type for JSON bodies #1330 2017-02-02 08:10:19 +02:00
Michael Snoyman
9a484f9163 defaultMessageWidget 2016-12-07 20:08:47 -05:00
Aleksey Uimanov
80f0b3cd70 Add comments and bump minor version to 1.4.29 2016-12-07 14:04:51 +05:00
Aleksey Uimanov
47ef36012d export getGetMaxExpires 2016-12-05 19:33:04 +05:00
Aleksey Uimanov
d1697a3fde export toWaiAppYre 2016-12-02 15:55:09 +05:00
Michael Snoyman
fbdaa2f675 Add since lines 2016-11-30 19:36:29 +02:00
Andrew Martin
1781699cab Add ToWidget instances for strict text, lazy text, and text builder 2016-11-27 15:27:54 -05:00
Casey Allred
9458e57a58 adjusted to use *{..} syntax 2016-11-26 12:07:49 -07:00
Casey Allred
cec6f42a99 added jsAttributes for the script tag generated by julius files 2016-11-25 21:36:51 -07:00
Michael Snoyman
bbca01ce71 languages reflects setLanguage 2016-11-04 11:10:26 +02:00
Ross MacLeod
09c37eb916 Use #if MIN_VERSION_transformers(0,4,0) instead of __GLASGOW_HASKELL__ >= 710 2016-09-22 13:27:25 -04:00
Ross MacLeod
6de5d8f829 missed making the import of ExceptT conditional on GHC version as well 2016-09-22 13:23:10 -04:00
Ross MacLeod
58fb977276 Only emit MonadHandler and MonadWidget instance for ExceptT when GHC version >= 7.10, since that's the first version tied to transformers-0.4.0.0 which introduced ExceptT 2016-09-22 13:00:09 -04:00
Ross MacLeod
ee100d7be0 Add instance of MonadHandler and MonadWidget for ExceptT 2016-09-21 14:41:30 -04:00
Cthulhu
fbaf502858 cached and cachedBy will not overwrite global state changes 2016-08-28 19:02:11 +03:00
Alexander Lippling
8822fa37a8 Added support for aeson's toEncoding function (>= 0.11) to sendStatusJSON 2016-08-28 01:06:23 +02:00
Bryan Richter
111b017f58 Explain what sslOnlyMiddleware really does (#1262) 
Doc updated per
<https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>.

I was tipped off to the discrepancy when my site worked totally fine over
http, in spite of the claim, "This middleware makes a site functionally
inaccessible over vanilla http in all standard browsers."
 2016-08-24 08:24:32 -07:00
Maximilian Tagher
e6287362ad Default CSRF tokens to the root path "/" 
* The default path of cookies is the current path making the request
  * e.g. an AJAX request made from http://example.com/foo/bar would be /foo
  * This causes multiple CSRF tokens to build up as you navigate a site
  * This will cause errors if the CSRF tokens have different values, and an invalid token is sent.
* Closes #1247
 2016-08-16 07:25:41 -07:00
Maximilian Tagher
9fb876e383 Merge pull request #1258 from bitemyapp/master 
What I did to avoid the duplicate cookie problem
 2016-08-13 21:18:49 -04:00
Michael Snoyman
cc6cc2939e Fix ChangeLog and @since comments 2016-08-10 15:18:41 +03:00
Michael Snoyman
f6891b0373 Merge branch 'BL/samesite' of https://github.com/bobjflong/yesod into bobjflong-BL/samesite 2016-08-10 15:17:25 +03:00
Artem Chuprina
83299bf1be urlParamRenderOverride method for Yesod class 
this method replaces urlRenderOverride because the latter lacks support for query string
 2016-08-09 22:54:24 +03:00
Chris Allen
a3f4974750 Merge branch 'master' of git://github.com/yesodweb/yesod 2016-07-22 10:50:22 -05:00
Maximilian Tagher
0eb8ab3050 Document recommended usage of the CSRF middleware 
* Closes #1246
 2016-07-14 07:56:31 -07:00
Chris Allen
5e4cefc9ad path, not value 2016-07-08 14:25:47 -05:00