Commit Graph

4261 Commits

Author SHA1 Message Date
Michael Snoyman
ae7dfd2408 Changelog for #1310 2016-12-07 08:52:55 -05:00
Michael Snoyman
f54b924137 Merge pull request #1318 from s9gf4ult/master
Exports some internals and fix version bounds
2016-12-07 08:50:52 -05:00
Aleksey Uimanov
80f0b3cd70 Add comments and bump minor version to 1.4.29 2016-12-07 14:04:51 +05:00
Aleksey Uimanov
47ef36012d export getGetMaxExpires 2016-12-05 19:33:04 +05:00
Aleksey Uimanov
2bd3a936c9 fix blaze-markup version bounds 2016-12-02 16:26:19 +05:00
Aleksey Uimanov
d1697a3fde export toWaiAppYre 2016-12-02 15:55:09 +05:00
Michael Snoyman
9c38a4b08e Version bump for #1314 2016-12-01 06:53:41 +02:00
Jason Whittle
7b12f61a91 yesod-test: add getLocation test helper. 2016-11-30 18:05:48 -05:00
Michael Snoyman
fbdaa2f675 Add since lines 2016-11-30 19:36:29 +02:00
Michael Snoyman
312adc40d5 Version bump for #1310 2016-11-30 13:40:46 +02:00
Michael Snoyman
51a5641435 Merge pull request #1310 from yesodweb/text_toWidget
Add ToWidget instances for strict text, lazy text, and text builder
2016-11-30 13:39:59 +02:00
Michael Snoyman
a337bf6d58 websockets 0.10 support 2016-11-30 06:42:15 +02:00
Michael Snoyman
58407c292e Fix a build failure 2016-11-29 13:51:02 +02:00
Michael Snoyman
2c4e19e0b6 Version bump for #1309 2016-11-29 13:48:42 +02:00
Michael Snoyman
00cf852216 Version bump for #1308 2016-11-29 13:47:33 +02:00
Michael Snoyman
a921d6cb31 Add caveat about possible Docker integration issues 2016-11-29 13:44:46 +02:00
Michael Snoyman
784f04ae7a Merge branch '1304-stack-based-devel' 2016-11-29 13:43:01 +02:00
Michael Snoyman
3883063ec2 Devel server indicates when recompilation is occurring
Pinging @amitaibu
2016-11-28 09:58:48 +02:00
Andrew Martin
1781699cab Add ToWidget instances for strict text, lazy text, and text builder 2016-11-27 15:27:54 -05:00
Michael Snoyman
ed87ded970 Merge pull request #1308 from sbditto85/default_attrs_julius
added jsAttributes for the script tag generated by julius files
2016-11-27 05:45:48 +02:00
Michael Snoyman
3159745ee8 Merge pull request #1309 from filipg/master
remove invalid Google OpenID link
2016-11-27 05:44:26 +02:00
Casey Allred
9458e57a58 adjusted to use *{..} syntax 2016-11-26 12:07:49 -07:00
Filip Gralinski
a3929aa9bb remove invalid Google OpenID link 2016-11-26 19:39:24 +01:00
Michael Snoyman
b1f1e4e222 Revert to runghc 2016-11-26 17:57:32 +02:00
Casey Allred
cec6f42a99 added jsAttributes for the script tag generated by julius files 2016-11-25 21:36:51 -07:00
Michael Snoyman
f3fc735a25 README.md, and some minor code cleanups 2016-11-24 07:51:54 +02:00
Michael Snoyman
ab4d6540ca Workaround for compatibility with older fsnotify 2016-11-23 15:59:58 +02:00
Michael Snoyman
6048a2c9bf Got my logic backwards :( 2016-11-23 15:34:14 +02:00
Michael Snoyman
db3beff4f3 Some CPP for Cabal API changes 2016-11-23 15:19:27 +02:00
Michael Snoyman
03307a8cc8 Fix dependency problems for older snapshots 2016-11-23 15:05:41 +02:00
Michael Snoyman
83d3a12a23 Rewrite yesod devel based on Stack #1304
Please see ChangeLog for explanation.
2016-11-23 13:59:56 +02:00
Maximilian Tagher
54cc4205d8 Merge pull request #1302 from psibi/csrf-fix
yesod-auth: Fix CSRF security vulnerability in registerHelper function
2016-11-22 10:49:26 -08:00
Sibi Prabakaran
696faa3fd0 req is not needed. 2016-11-20 13:43:01 +05:30
Sibi Prabakaran
10850f5cee Use checkCsrfHeaderOrParam instead of manual check 2016-11-20 13:32:15 +05:30
Sibi Prabakaran
7f17d829b3 Fix CSRF security vulnerability in registerHelper function
Return a 403 status code if the csrf tokens are matched. This currently
affects two endpoints: During registration and during password reset
forms.

This curl request demonstrates how this can be exploited to register new
email:

curl -i --header "Accept: application/json" --request POST -F "email=sibi@psibi.in" http://localhost:3005/auth/page/email/register

With the patch applied, it will respond with this:

{"message":"Permission Denied. A valid CSRF token wasn't present in HTTP
headers or POST parameters. Because the request could have been forged,
it's been rejected altogether. Check the Yesod.Core.Handler docs of the
yesod-core package for details on CSRF protection."}
2016-11-20 03:59:32 +05:30
Michael Snoyman
10a751cdbc Version bump for #1296 2016-11-14 07:04:36 +02:00
Andrew Martin
2d6e5cea02 Added a ToValue instance for Enctype 2016-11-13 14:59:21 -05:00
Michael Snoyman
cc395c2ecf Another extra-dep 2016-11-11 07:05:07 +02:00
Michael Snoyman
b09866c9ad conduit-extra extra-dep 2016-11-11 06:53:48 +02:00
Michael Snoyman
253beb3107 Merge branch 'master' of https://github.com/paul-rouse/yesod into paul-rouse-master 2016-11-11 06:52:42 +02:00
Paul Rouse
a46dcbedc2 Revised don't keep partial autogen file when exception occurs 2016-11-10 22:07:20 +00:00
Michael Snoyman
fec96bc57c Merge pull request #1290 from yesodweb/languages-checks-setLanguage
languages reflects setLanguage
2016-11-10 11:31:33 +02:00
Paul Rouse
4ab830c4d9 Don't keep partial autogen file when exception occurs 2016-11-09 09:31:28 +00:00
Michael Snoyman
b074279832 Fix test suite compilation 2016-11-06 12:08:05 +02:00
Michael Snoyman
cc15bc6580 Version bump and close #1286 2016-11-06 06:40:46 +02:00
Michael Snoyman
036b020c8c Merge branch '1286-yesod-static-apply-middleware' 2016-11-06 06:40:01 +02:00
Michael Snoyman
bbca01ce71 languages reflects setLanguage 2016-11-04 11:10:26 +02:00
Michael Snoyman
f9927530b4 Updated resolver 2016-10-31 12:47:50 +02:00
Michael Snoyman
e92c1f0c3e yesod-static applies Yesod middlewares #1286 2016-10-31 12:47:14 +02:00
Michael Snoyman
e2e546df4d Travis update 2016-10-24 19:43:36 +03:00