haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,773 Commits 42 Branches 853 Tags 10 MiB
5fe5e24eb0
Commit Graph

4773 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Snoyman
5fe5e24eb0
Add missing rio dependency 
Travis was handling this via the solver, which we don't want to be using
 2019-04-29 19:21:27 +03:00
Michael Snoyman
5acc62b5e2
Updated badge for Azure 2019-04-29 18:48:37 +03:00
Michael Snoyman
772324e8cb
Azure config 2019-04-29 18:44:47 +03:00
Michael Snoyman
c7bb2d22af
Remove Travis config 2019-04-29 18:44:26 +03:00
Michael Snoyman
d9d4863fc1
Remove appveyor 2019-04-29 18:37:18 +03:00
Michael Snoyman
abdea8d157
Remove out-of-date ReleaseNotes.md 2019-04-29 18:37:00 +03:00
Michael Snoyman
3015a9a9f1
Remove out-of-date README 2019-04-29 18:36:35 +03:00
Michael Snoyman
b30a2a5b07
Remove sources.txt 2019-04-29 18:36:06 +03:00
Michael Snoyman
de209b3b94
Merge pull request #1594 from yesodweb/persistent-2-10 
Test against persistent 2.10
 2019-04-29 18:00:40 +03:00
Michael Snoyman
2a51e05448
Test against persistent 2.10 2019-04-29 16:03:39 +03:00
Michael Snoyman
ad6ed03aa4
Add support for persistent 2.10 2019-04-22 08:46:21 +03:00
Michael Snoyman
cc2d19a25d
Relax upper bound on persistent 2019-04-22 08:45:44 +03:00
Michael Snoyman
b5839420aa
Version bump 2019-04-13 22:01:17 +03:00
Michael Snoyman
42fbab9129
Merge pull request #1592 from StevenXL/add-jsonresponse-type 
Introduce JSONResponse.
 2019-04-13 22:00:23 +03:00
Steven Leiva
ab096c649c Introduce JSONResponse. 
This data type allows us to return a domain type in our handlers, even
if we eventually want to send JSON to the client.

See: https://tech.freckle.com/2015/12/21/servant-style-handlers-for-yesod/
 2019-04-12 16:13:53 -05:00
Michael Snoyman
6a7370a9e6
Merge pull request #1589 from geekingfrog/maximumContentLengthIO 
maximumContentLengthIO
 2019-03-17 11:11:45 +02:00
Grégoire Charvet 黑瓜
f1374c9140 add doc for maximumContentLength override 2019-03-17 09:10:07 +00:00
Grégoire Charvet 黑瓜
a691f49258 update changelog 2019-03-15 20:37:46 +00:00
Grégoire Charvet 黑瓜
48bfe0d573 maximumContentLengthIO 2019-03-15 20:35:39 +00:00
Michael Snoyman
4b760a027e
Merge pull request #1586 from yesodweb/documentRunDB 
Document runDB
 2019-03-07 04:24:28 +02:00
Maximilian Tagher
837b898b35 Document runDB 
My coworker who is new to Haskell was pointing out that for such an important function to Yesod, this one is lacking any documentation. It's slightly hard to document because people could provide various implementations for it, but I think this description captures the essence pretty well, and notes the important implicit behavior of opening a transaction.
 2019-03-06 11:31:38 -08:00
Michael Snoyman
c67c89007c
src subdir for yesod-core 2019-02-19 04:02:21 +02:00
Michael Snoyman
e5cc9987ae
Move from byteable to memory 2019-02-19 03:58:31 +02:00
Michael Snoyman
b1e718397b
Deprecate GoogleEmail2 (fixes #1579) 2019-02-12 18:52:47 +02:00
Michael Snoyman
90fa4d9eae
Merge pull request #1581 from nytopop/no-multi-session-cookies 
Use at most one valid session cookie per request
 2019-02-11 19:16:05 +02:00
nytopop
70b730cc4e
Use at most one valid session cookie per request 
Makes `loadClientSession` ignore all sessions in a request if more than
a single session cookie decodes successfully. The prior behavior was to
merge all valid session cookies' values.

Bumps version to 1.6.12
 2019-02-10 08:42:37 -08:00
Michael Snoyman
9ccdc38b78
Merge pull request #1576 from eborden/eborden/deprecate-insecure-json-body-functions 
Deprecate insecure JSON body functions
 2019-01-30 09:21:29 +02:00
Evan Rutledge Borden
da9e72b82f Add minor version bump to 1.6.11 
JSON parsing function deprecations warrant a minor version bump.
 2019-01-29 15:31:35 -06:00
Jonathan Lamothe
6fe7ee6e0d Documentation fix (#1577) 
* fixed documentation

* bumped version

* updated ChangeLog
 2019-01-26 12:53:04 +05:30
Evan Rutledge Borden
b50ca99566 Deprecate insecure JSON body functions 
`parseJsonBody` and `requireJsonBody` do not require a mime type when
parsing `JSON` content. This leaves them open to CSRF. They are now
deprecated and `insecure` versions are added in their place. Consumers
are now given a proper choice between secure and insecure functions.

There is a potential attack vector in that the browser does not trigger
CORS requests for "simple requests", which includes POST requests that
are form or text content-types. An attacker can craft a form whose body
is valid JSON, and when a user visits attacker.com and submits that
form, it can be submitted to bank.com and bypass CORS.

Checking the content-type is application/json prevents this, because if
the content-type was set to application/json, then the browser would
send a CORS request—a preflight OPTIONS request to the server asking if
the current domain (and some other values) are whitelisted to send
requests to that server. If the server doesn't say attacker.com is
whitelisted, the browser will not send the real request to the server.
 2019-01-24 09:12:48 -06:00
Michael Snoyman
874a711d47
Merge pull request #1574 from yesodweb/more-ltses 
More LTSes are tested
 2019-01-23 08:26:41 +02:00
Michael Snoyman
5f597494b5
More LTSes are tested 2019-01-22 20:09:05 +02:00
Michael Snoyman
c7e4dd0a1c
Fix test suite compilation on GHC 8.6.3 commercialhaskell/stackage#4319 2019-01-22 18:40:31 +02:00
Michael Snoyman
9ff1f18a4a
Merge pull request #1573 from yesodweb/getSetCache 
Add functions to get and set values in the per-request caches
 2019-01-22 09:35:37 +02:00
Maximilian Tagher
c8974d81f9 Add functions to get and set values in the per-request caches 
Closes #1572
 2019-01-21 10:47:27 -08:00
Sibi
09c4587393
Merge pull request #1571 from jlamothe/FormResult 
Make FormResult instances of Eq and Monad
 2019-01-20 22:59:18 +05:30
Jonathan Lamothe
92e4e48353 updated ChangeLog 2019-01-19 13:12:29 -05:00
Jonathan Lamothe
fd141d56b7 incremented version number 2019-01-18 18:53:04 -05:00
Jonathan Lamothe
429f78859c make FormResult an instance od Eq 2019-01-18 12:48:36 -05:00
Maximilian Tagher
673db5f6ff
Merge pull request #1570 from yesodweb/cookieHelpers 
[yesod-test] Add utility functions to modify cookies
 2019-01-15 08:04:30 -08:00
Maximilian Tagher
bedec86c74 [yesod-test] Add utility functions to modify cookies 2019-01-14 16:12:32 -08:00
Michael Snoyman
72c6187a22
Merge pull request #1568 from stevehartdata/master 
Eliminate deprecation warnings when building websockets sample.hs
 2019-01-09 08:49:51 +02:00
Steve Hart
e1a33248b0 Eliminate deprecation warnings when building websockets sample.hs 2019-01-07 20:12:12 -05:00
Sibi
c5268e3581
Merge pull request #1567 from gabebw/gbw-fix-typo 
Fix typo in deprecation message
 2018-12-28 10:41:12 +05:30
Gabe Berke-Williams
9720363117 Fix typo in deprecation message 
The message recommended using `authTwitterUsingUserID` (note that the
`ID` at the end of the method name is all capitalized).

However, the actual method name is `authTwitterUsingUserId` (note the `Id` at the
end).
 2018-12-27 17:31:58 -08:00
Michael Snoyman
f7f356b32e
Relax upper bound (fixes #1566) 2018-12-19 08:28:07 +02:00
Michael Snoyman
7a2c5367e7
Merge pull request #1565 from StevenXL/add-send-response-no-content 
Add sendResponseNoContent.
 2018-12-03 09:22:06 +02:00
Steven Leiva
2a9bef34c0 Add sendResponseNoContent. 2018-11-30 14:27:21 -06:00
Michael Snoyman
6eb91bdb77
Add missing test file (fixes #1563) 2018-10-15 16:21:17 +03:00
Michael Snoyman
f7e177d5f2
Version bump 2018-10-14 11:10:13 +03:00