haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,545 Commits 42 Branches 853 Tags 10 MiB
2047efd00a
Commit Graph

323 Commits

Author SHA1 Message Date
Ross MacLeod
58fb977276 Only emit MonadHandler and MonadWidget instance for ExceptT when GHC version >= 7.10, since that's the first version tied to transformers-0.4.0.0 which introduced ExceptT 2016-09-22 13:00:09 -04:00
Ross MacLeod
ee100d7be0 Add instance of MonadHandler and MonadWidget for ExceptT 2016-09-21 14:41:30 -04:00
Cthulhu
fbaf502858 cached and cachedBy will not overwrite global state changes 2016-08-28 19:02:11 +03:00
Alexander Lippling
8822fa37a8 Added support for aeson's toEncoding function (>= 0.11) to sendStatusJSON 2016-08-28 01:06:23 +02:00
Bryan Richter
111b017f58 Explain what sslOnlyMiddleware really does (#1262) 
Doc updated per
<https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>.

I was tipped off to the discrepancy when my site worked totally fine over
http, in spite of the claim, "This middleware makes a site functionally
inaccessible over vanilla http in all standard browsers."
 2016-08-24 08:24:32 -07:00
Maximilian Tagher
e6287362ad Default CSRF tokens to the root path "/" 
* The default path of cookies is the current path making the request
  * e.g. an AJAX request made from http://example.com/foo/bar would be /foo
  * This causes multiple CSRF tokens to build up as you navigate a site
  * This will cause errors if the CSRF tokens have different values, and an invalid token is sent.
* Closes #1247
 2016-08-16 07:25:41 -07:00
Maximilian Tagher
9fb876e383 Merge pull request #1258 from bitemyapp/master 
What I did to avoid the duplicate cookie problem
 2016-08-13 21:18:49 -04:00
Michael Snoyman
cc6cc2939e Fix ChangeLog and @since comments 2016-08-10 15:18:41 +03:00
Michael Snoyman
f6891b0373 Merge branch 'BL/samesite' of https://github.com/bobjflong/yesod into bobjflong-BL/samesite 2016-08-10 15:17:25 +03:00
Artem Chuprina
83299bf1be urlParamRenderOverride method for Yesod class 
this method replaces urlRenderOverride because the latter lacks support for query string
 2016-08-09 22:54:24 +03:00
Chris Allen
a3f4974750 Merge branch 'master' of git://github.com/yesodweb/yesod 2016-07-22 10:50:22 -05:00
Maximilian Tagher
0eb8ab3050 Document recommended usage of the CSRF middleware 
* Closes #1246
 2016-07-14 07:56:31 -07:00
Chris Allen
5e4cefc9ad path, not value 2016-07-08 14:25:47 -05:00
Chris Allen
4a0caeb05c deleting cookie before adding to avoid duplicates for a test 2016-07-08 13:38:39 -05:00
Mikkel Christiansen
50c4138a5c Take hlint suggestions. 2016-06-28 08:28:23 +02:00
Mikkel Christiansen
cc134b93de Remove compiler warnings for unused var and unused imports. 2016-06-27 19:47:55 +02:00
Michael Snoyman
1036550d00 Add missing Monoid import 2016-06-23 08:15:53 +03:00
Michael Snoyman
c24d0e7f80 Allow deepseq 1.3 2016-06-22 23:01:44 +03:00
Michael Snoyman
90ecc1ebe3 Significant cleanup of runHandler 
@nh2 This hopefully makes the logic much clearer to avoid exceptional
cases slipping through.

@gregwebs Maybe you'd like to review this?

For yesod-core 1.5: we should make as many datatypes strict-fielded as
possible in Yesod.Core.Types to make for less corner cases. Also, the
idea of an exception value itself being partial is _really_ terrifying.
 2016-06-22 20:28:42 +03:00
Michael Snoyman
33ea980dba Simplify away from returnDeepSessionMap 2016-06-22 18:45:46 +03:00
Michael Snoyman
a3d9a13abe Proper handling of impure exceptions within HandlerError values 2016-06-22 18:24:18 +03:00
Michael Snoyman
85e7fd7e33 Version bump for #1241 2016-06-20 17:30:28 +03:00
Alexander Lippling
18cd7834d6 Added support for aeson's toEncoding function (>= 0.11) 2016-06-20 13:19:11 +02:00
Sibi
2a01710f4b Remove outdated instruction for jsLoader (#1238) 2016-06-05 11:28:22 -07:00
Bob Long
294ef285a3 remove redundant paren 2016-05-03 16:24:12 +01:00
Bob Long
6746c1c94f fixup whitespace in docs 2016-05-03 16:23:57 +01:00
Bob Long
1834d255e6 replace pure with Just for backwards compat 2016-05-03 15:18:45 +01:00
Bob Long
9b0caaf2cf expand documentation on lax & strict 2016-05-03 15:17:46 +01:00
Bob Long
bc7ff2f552 Add version information 2016-05-01 17:23:10 +01:00
Bob Long
a797c2e5d4 Add laxSameSiteSessions and strictSameSiteSessions 2016-05-01 16:31:01 +01:00
Erik de Castro Lopo
96af1e7f39 yesod-core: Fix for a *very* late change in ghc-8.0 TH api 2016-04-23 10:54:41 +10:00
Erik de Castro Lopo
226c381baa yesod-core: Make it work with ghc-8.0 
Use CPP hackery to make it compile with ghc-8.0 and ghc 7.10. If
ghc-7.10 works, I assume earlier supported versions of GHC also
work. All tests pass with both GHC versions.

Unfortunately, the TH changes force changes in the type signature
of Yesod.Routes.TH.RenderRoute.mkRouteCons from:

    mkRouteCons :: [ResourceTree Type] -> ([Con], [Dec])

to

    mkRouteCons :: [ResourceTree Type] -> Q ([Con], [Dec])

and I can't see a way around that.
 2016-04-19 14:52:03 +10:00
Maximilian Tagher
5a5cfd6c7a Bump version for CSRF logging changes, and improve error message. 2016-03-28 23:36:31 -07:00
Maximilian Tagher
28fbaae268 Log a warning when a CSRF error occurs 
* Closes #1192
 2016-03-28 23:35:27 -07:00
Michael Snoyman
da4948592d Version bump 2016-03-29 09:14:02 +03:00
Murray
9dbcc95c3f remove single message deprecated directives 2016-03-18 09:17:57 +00:00
Murray
a15070709d allow more than one session message and add statuses 2016-03-16 18:14:40 +00:00
Sajith Sasidharan
93da4f060e Minor doc patch - sendStatusJSON is since 1.4.18 
I'm sure this is trivially obvious. :-)

Commit 6a60dac introduced `sendStatusJSON` on Nov 25, 2015; yesod-core 1.4.18 was uploaded to hackage on Dec 17.
 2016-03-06 18:22:51 -05:00
Chris Allen
7123b02500 typo 2016-03-01 15:13:34 -06:00
Michael Snoyman
cf5a390cad Add _token parameter to redirectToPost #1151 2016-01-24 14:37:44 +02:00
Ross MacLeod
1fb53dfa9e #1142 make sendStatusJSON fully polymorphic in its return type, since it never returns 2016-01-12 11:32:20 -05:00
Michael Snoyman
10709c4e26 Merge pull request #1122 from pseudonom/master 
Add hook to apply arbitrary function to all handlers
 2015-12-14 11:49:30 +02:00
mrkkrp
15c1573538 ‘checkCsrfHeaderNamed’ → ‘checkCsrfParamNamed’ 
Also removed trailing whitespace. Actual typo fix is on line 1318.
 2015-12-11 23:00:01 +06:00
mrkkrp
bb02d2b911 fix references to ‘Yesod.Core.Handler’ 2015-12-11 22:40:06 +06:00
Eric Easley
56c19a2cd3 Add hook to apply arbitrary function to all handlers 2015-12-09 11:29:13 -08:00
Greg Weber
b271978ccf Merge pull request #1105 from bitemyapp/master 
JSON-specific sendResponseStatus
 2015-12-07 16:04:07 -08:00
Michael Snoyman
de3818784a getApprootText 2015-12-04 14:40:50 +02:00
Chris Allen
ae1015b628 shorter name 2015-11-25 23:01:49 -06:00
Chris Allen
6a60dac366 JSON-specific sendResponseStatus 2015-11-25 14:49:53 -06:00
David Turner
badabaa1ca Update comment 2015-11-13 15:15:04 +00:00
David Turner
b9b2d0d609 Use AutoUpdate for session expiry date too 2015-11-13 13:40:19 +00:00
Paul Rouse
e4503ded60 Remove unnecessary underscores in guessApprootOr 2015-10-13 15:22:30 +01:00
Paul Rouse
692773326a Add guessApprootOr function 2015-10-13 15:00:02 +01:00
Michael Snoyman
79aefc694a Make guessApproot the default (for yesod-core1.5) 2015-10-13 10:59:01 +00:00
Michael Snoyman
5d0a4567f3 Add the guessApproot function (pinging @gregwebs) 2015-10-13 10:32:25 +00:00
David Turner
ef8bbf5820 Make comment more precise 2015-10-11 07:39:48 +00:00
David Turner
8dc54fc921 Update maximum expiry once per day 2015-10-11 07:28:52 +00:00
David Turner
5b4d5ced3b Move auto-updater into YesodRunnerEnv 2015-10-10 15:58:39 +00:00
Mikkel Christiansen
25bbda2087 Remove unused applicative. 2015-08-26 16:10:56 +02:00
Mikkel Christiansen
04cb3730a0 Replace deprecated breakByte function. 2015-08-26 15:03:14 +02:00
Mikkel Christiansen
a47ceec445 GHC 7.10 import warnings removed from yesod-core. 2015-08-26 14:52:39 +02:00
Daniel Díaz
e77f6bd709 Do not use reify unless the type name is in scope. Assume arity 0 when the type is not in scope. 2015-08-23 22:49:04 +02:00
Maximilian Tagher
33982b2112 Add CSRF protection functions/middleware that support AJAX requests 2015-08-17 16:52:39 -07:00
Daniel Díaz
42ec7f53e9 Depend directly on template-haskell. 2015-08-11 22:10:12 +02:00
Daniel Díaz
4897c24d3f Use CPP to adapt to template-haskell changes according to the version of base used. 2015-08-11 22:07:28 +02:00
Daniel Díaz
ea62a38464 mkYesodGeneral arguments can now be monomorphic or polymorphic types. It is possible to impose class instances to polymorphic type arguments. 2015-08-10 07:23:26 +02:00
Daniel Díaz
366bfbd319 Allow Site types to have type parameters. 2015-08-06 00:35:48 +02:00
Daniel Díaz
9991e307e3 Attempt to add support for parametrized types in mkYesod. 2015-08-06 00:13:28 +02:00
Andrew Martin
c4d154b512 Added getsYesod 2015-07-23 13:29:16 -04:00
Christopher Reichert
a5a627db58 Clarify IsString instance for Widget only works with Strings. 2015-07-21 13:19:00 -05:00
Christopher Reichert
66ed314866 Document IsString instance for WidgetT. 2015-07-21 12:24:33 -05:00
Andrew Martin
4e354c9e07 Improve type inference for WidgetT IsString instance 2015-07-21 11:37:09 -04:00
Andrew Martin
00635452b9 Add IsString instance for WidgetT site m () 2015-07-21 11:07:52 -04:00
Andrew
e37ccee3d7 Use a let binding for greater clarity 2015-06-30 18:30:24 -04:00
Andrew Martin
e327963912 Don't show source location for logs that don't have that information 2015-06-30 17:02:33 -04:00
Andrew Martin
edf7ada64c Export subHelper directly rather than doing a module export 2015-06-07 08:45:38 -04:00
Andrew Martin
b88295cf05 stop the module import cycle 2015-06-05 13:20:03 -04:00
Andrew Martin
92aa58dee5 Make stripHandlerT and subHelper available for public use 2015-06-05 08:07:37 -04:00
Michael Snoyman
b20c19d2c5 Version bump 2015-06-04 09:43:06 +03:00
Yitzchak Gale
f3d9bb2555 Unneeded import of Data.Maybe in Yesod.Core.Class.Yesod. 2015-06-03 11:48:02 +03:00
Yitzchak Gale
95c8d40010 Fix haddock about default log level. 2015-06-03 11:45:29 +03:00
Yitzchak Gale
bef07c5e12 Fix reference to default in haddock for shouldLog. 2015-06-03 11:18:33 +03:00
Yitzchak Gale
bd161ef5f7 Export defaults for logging methods of Yesod. 2015-06-03 11:16:43 +03:00
Michael Snoyman
882956255a Better support for multiple cookie headers 2015-04-02 16:40:14 +03:00
Michael Snoyman
56d4b8c3ee Version bump 2015-03-26 14:52:36 +02:00
Michael Snoyman
e50ce7ca1e Merge branch 'master' of https://github.com/s9gf4ult/yesod 2015-03-26 14:51:14 +02:00
Aleksey Uimanov
79dc6c33b9 add lookupBasicAuth and lookupBearerAuth functions 2015-03-26 17:19:53 +05:00
Michael Snoyman
e85be6f118 Use 307 redirect for cleaning paths and non-GET requests #951 2015-03-15 11:45:32 +02:00
Maximilian Tagher
e57b62235f Add more semigroups instances 2015-02-08 16:55:06 -08:00
Greg Weber
8086ca5d57 Semigroup instance for WidgetT 2015-02-08 14:09:10 -08:00
Michael Snoyman
85d4477f96 Remove defunct reference to SpecialResponse (fixes #925) 2015-02-08 07:15:16 +02:00
Thomas Dziedzic
6398206b8f fix documentation spelling 2015-01-06 21:10:12 -08:00
Michael Snoyman
b3754498ec Version bump 2014-12-20 18:25:15 +02:00
Patrick Boe
8b7c58f381 added functions to simplify application of an ssl-only policy to a site 2014-12-20 10:26:32 -05:00
Michael Snoyman
09df930de3 monad-control 1.0 2014-12-17 17:58:19 +02:00
Michael Snoyman
5f21c73d7d Changelog fix and typo correction 2014-11-30 07:39:40 +02:00
Greg Weber
05f2a7631c add Yesod.Core.Unsafe module 2014-11-29 17:45:56 -08:00
Michael Snoyman
9a64b1bdb0 MonadLoggerIO instances 2014-11-28 07:55:43 +02:00
Michael Snoyman
c95e74053b Version bump 2014-11-28 07:47:30 +02:00
patrick brisbin
21cd47cc98
Add envClientSessionBackend, ENV-based session key 
This can be useful if:

1. You can't rely on a persistent file system (e.g. Heroku)
2. Your application is open source (e.g. you can't commit the key)

By keeping a consistent value in the environment variable, your users will
have consistent sessions without relying on the file system.

Usage:

    makeSessionBackend _ = fmap Just $ envClientSessionBackend 120 "SESSION_KEY"
 2014-11-25 11:15:13 -05:00