haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,261 Commits 42 Branches 853 Tags 10 MiB
ae7dfd2408
Commit Graph

63 Commits

Author SHA1 Message Date
Casey Allred
9458e57a58 adjusted to use *{..} syntax 2016-11-26 12:07:49 -07:00
Casey Allred
cec6f42a99 added jsAttributes for the script tag generated by julius files 2016-11-25 21:36:51 -07:00
Bryan Richter
111b017f58 Explain what sslOnlyMiddleware really does (#1262) 
Doc updated per
<https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>.

I was tipped off to the discrepancy when my site worked totally fine over
http, in spite of the claim, "This middleware makes a site functionally
inaccessible over vanilla http in all standard browsers."
 2016-08-24 08:24:32 -07:00
Maximilian Tagher
e6287362ad Default CSRF tokens to the root path "/" 
* The default path of cookies is the current path making the request
  * e.g. an AJAX request made from http://example.com/foo/bar would be /foo
  * This causes multiple CSRF tokens to build up as you navigate a site
  * This will cause errors if the CSRF tokens have different values, and an invalid token is sent.
* Closes #1247
 2016-08-16 07:25:41 -07:00
Michael Snoyman
cc6cc2939e Fix ChangeLog and @since comments 2016-08-10 15:18:41 +03:00
Michael Snoyman
f6891b0373 Merge branch 'BL/samesite' of https://github.com/bobjflong/yesod into bobjflong-BL/samesite 2016-08-10 15:17:25 +03:00
Artem Chuprina
83299bf1be urlParamRenderOverride method for Yesod class 
this method replaces urlRenderOverride because the latter lacks support for query string
 2016-08-09 22:54:24 +03:00
Maximilian Tagher
0eb8ab3050 Document recommended usage of the CSRF middleware 
* Closes #1246
 2016-07-14 07:56:31 -07:00
Mikkel Christiansen
50c4138a5c Take hlint suggestions. 2016-06-28 08:28:23 +02:00
Sibi
2a01710f4b Remove outdated instruction for jsLoader (#1238) 2016-06-05 11:28:22 -07:00
Bob Long
294ef285a3 remove redundant paren 2016-05-03 16:24:12 +01:00
Bob Long
6746c1c94f fixup whitespace in docs 2016-05-03 16:23:57 +01:00
Bob Long
1834d255e6 replace pure with Just for backwards compat 2016-05-03 15:18:45 +01:00
Bob Long
9b0caaf2cf expand documentation on lax & strict 2016-05-03 15:17:46 +01:00
Bob Long
bc7ff2f552 Add version information 2016-05-01 17:23:10 +01:00
Bob Long
a797c2e5d4 Add laxSameSiteSessions and strictSameSiteSessions 2016-05-01 16:31:01 +01:00
Murray
a15070709d allow more than one session message and add statuses 2016-03-16 18:14:40 +00:00
mrkkrp
bb02d2b911 fix references to ‘Yesod.Core.Handler’ 2015-12-11 22:40:06 +06:00
Michael Snoyman
de3818784a getApprootText 2015-12-04 14:40:50 +02:00
Paul Rouse
e4503ded60 Remove unnecessary underscores in guessApprootOr 2015-10-13 15:22:30 +01:00
Paul Rouse
692773326a Add guessApprootOr function 2015-10-13 15:00:02 +01:00
Michael Snoyman
5d0a4567f3 Add the guessApproot function (pinging @gregwebs) 2015-10-13 10:32:25 +00:00
Maximilian Tagher
33982b2112 Add CSRF protection functions/middleware that support AJAX requests 2015-08-17 16:52:39 -07:00
Andrew
e37ccee3d7 Use a let binding for greater clarity 2015-06-30 18:30:24 -04:00
Andrew Martin
e327963912 Don't show source location for logs that don't have that information 2015-06-30 17:02:33 -04:00
Michael Snoyman
b20c19d2c5 Version bump 2015-06-04 09:43:06 +03:00
Yitzchak Gale
f3d9bb2555 Unneeded import of Data.Maybe in Yesod.Core.Class.Yesod. 2015-06-03 11:48:02 +03:00
Yitzchak Gale
95c8d40010 Fix haddock about default log level. 2015-06-03 11:45:29 +03:00
Yitzchak Gale
bef07c5e12 Fix reference to default in haddock for shouldLog. 2015-06-03 11:18:33 +03:00
Yitzchak Gale
bd161ef5f7 Export defaults for logging methods of Yesod. 2015-06-03 11:16:43 +03:00
Michael Snoyman
882956255a Better support for multiple cookie headers 2015-04-02 16:40:14 +03:00
Michael Snoyman
b3754498ec Version bump 2014-12-20 18:25:15 +02:00
Patrick Boe
8b7c58f381 added functions to simplify application of an ssl-only policy to a site 2014-12-20 10:26:32 -05:00
Michael Snoyman
c95e74053b Version bump 2014-11-28 07:47:30 +02:00
patrick brisbin
21cd47cc98
Add envClientSessionBackend, ENV-based session key 
This can be useful if:

1. You can't rely on a persistent file system (e.g. Heroku)
2. Your application is open source (e.g. you can't commit the key)

By keeping a consistent value in the environment variable, your users will
have consistent sessions without relying on the file system.

Usage:

    makeSessionBackend _ = fmap Just $ envClientSessionBackend 120 "SESSION_KEY"
 2014-11-25 11:15:13 -05:00
Michael Snoyman
3b310a7103 yesodWithInternalState 2014-10-07 07:42:02 +03:00
Michael Snoyman
3447510080 Clean up a bunch of warnings 2014-09-29 08:08:02 +03:00
Michael Snoyman
ccab062f2d Remove all conditional compilation for Yesod 1.4 release 
Left in for GHC-bundled libraries (ghc, base, bytestring, binary)
 2014-09-07 18:17:45 +03:00
Michael Snoyman
1e76a28f6d withUrlRenderer 2014-08-31 02:24:08 +03:00
Michael Snoyman
807ff497f9 aeson 0.7 support 2014-01-15 19:12:57 +02:00
Michael Snoyman
45eadd3e09 fast-logger 2.1 support 2013-12-26 13:53:39 +02:00
Michael Snoyman
c670c54ba4 fast-logger 2.0 2013-12-03 11:55:39 +02:00
Michael Snoyman
b18e43c050 Incomplete fast-logger 2.0 changes 2013-12-02 19:40:03 +02:00
Michael Snoyman
aa5781d4e4 shouldLogIO 2013-08-07 07:22:28 +03:00
Jonathan Fischoff
28e7bc26b8 Adding a ToTypedContent constraint to yesodMiddleware for response logging, etc. 2013-06-17 14:24:50 -07:00
Michael Snoyman
743966898d Move away from RepHtml some more 2013-05-20 09:16:53 +03:00
Felipe Lessa
c19501b1d8 yesod-core: New 'customizeSessionCookies' helper function. 2013-05-03 20:56:52 -03:00
Michael Snoyman
a013eb2295 maximumContentLength is a Maybe 2013-04-18 10:19:50 +03:00
Greg Weber
a357922d39 setHeader -> addHeader 2013-04-03 15:24:12 -07:00
Greg Weber
8429a66ad8 not authenticated returns 401, not 403 2013-04-03 07:47:32 -07:00