93 Commits

Author SHA1 Message Date
Michael Snoyman
c5ac821115 Remove some conditionals for old versions 2017-12-12 12:08:06 +02:00
Maximilian Tagher
1275cce1af Give better error messages when CSRF validation fails
* This is important because historically these errors have tripped people up
* Making security as easy as possible is important so that it doesn't just get turned off
* Giving clear directions about where to get the CSRF token (a cookie) and where to send it (a header/param) is especially helpful to frontend developers not necessarily familiar with the backend codebase
2017-11-26 09:00:30 -05:00
Josh Berman
79ab662a80 Fix docs on languages set and getMessageRender to use it (#1325) 2017-11-26 11:52:37 +02:00
Ian Duncan
05b2193e9f Code review fixes for #1444 2017-09-08 09:00:12 +09:00
Ian Duncan
fd872cff40 Add support to yesod-core for weak etags 2017-09-06 10:08:45 +09:00
Sibi Prabakaran
617591aa4e Do case insensitive equality on header name 2017-07-14 13:44:21 +05:30
Sibi Prabakaran
89fc6c46e2 Fix ordering logic in replaceHeader function 2017-07-13 16:29:08 +05:30
Sibi Prabakaran
18951b0de7 Update the replace logic to obey proper ordering 2017-07-13 12:42:30 +05:30
Sibi Prabakaran
8416bb6569 Add Haddock documentation for the added function 2017-07-13 11:27:03 +05:30
Sibi Prabakaran
3cec499c85 ScopedTypeVariables is also needed 2017-07-13 11:17:03 +05:30
Sibi Prabakaran
839b56b032 Implement replaceOrAddHeader function 2017-07-13 11:10:54 +05:30
Sibi Prabakaran
470858f81c Better Haddock rendering. Since -> @since 2017-02-17 00:21:31 +05:30
Sibi Prabakaran
797278243e Add and export getPostParams function 2017-02-17 00:18:17 +05:30
Michael Snoyman
aefd074efa Cleanup GHC 8 redundant constraints 2017-02-05 13:35:12 +02:00
Michael Snoyman
bbca01ce71 languages reflects setLanguage 2016-11-04 11:10:26 +02:00
Cthulhu
fbaf502858 cached and cachedBy will not overwrite global state changes 2016-08-28 19:02:11 +03:00
Alexander Lippling
8822fa37a8 Added support for aeson's toEncoding function (>= 0.11) to sendStatusJSON 2016-08-28 01:06:23 +02:00
Maximilian Tagher
e6287362ad Default CSRF tokens to the root path "/"
* The default path of cookies is the current path making the request
  * e.g. an AJAX request made from http://example.com/foo/bar would be /foo
  * This causes multiple CSRF tokens to build up as you navigate a site
  * This will cause errors if the CSRF tokens have different values, and an invalid token is sent.
* Closes #1247
2016-08-16 07:25:41 -07:00
Chris Allen
5e4cefc9ad path, not value 2016-07-08 14:25:47 -05:00
Chris Allen
4a0caeb05c deleting cookie before adding to avoid duplicates for a test 2016-07-08 13:38:39 -05:00
Mikkel Christiansen
50c4138a5c Take hlint suggestions. 2016-06-28 08:28:23 +02:00
Mikkel Christiansen
cc134b93de Remove compiler warnings for unused var and unused imports. 2016-06-27 19:47:55 +02:00
Maximilian Tagher
5a5cfd6c7a Bump version for CSRF logging changes, and improve error message. 2016-03-28 23:36:31 -07:00
Maximilian Tagher
28fbaae268 Log a warning when a CSRF error occurs
* Closes #1192
2016-03-28 23:35:27 -07:00
Michael Snoyman
da4948592d Version bump 2016-03-29 09:14:02 +03:00
Murray
9dbcc95c3f remove single message deprecated directives 2016-03-18 09:17:57 +00:00
Murray
a15070709d allow more than one session message and add statuses 2016-03-16 18:14:40 +00:00
Sajith Sasidharan
93da4f060e Minor doc patch - sendStatusJSON is since 1.4.18
I'm sure this is trivially obvious. :-)

Commit 6a60dac introduced `sendStatusJSON` on Nov 25, 2015; yesod-core 1.4.18 was uploaded to hackage on Dec 17.
2016-03-06 18:22:51 -05:00
Michael Snoyman
cf5a390cad Add _token parameter to redirectToPost #1151 2016-01-24 14:37:44 +02:00
Ross MacLeod
1fb53dfa9e #1142 make sendStatusJSON fully polymorphic in its return type, since it never returns 2016-01-12 11:32:20 -05:00
mrkkrp
15c1573538 ‘checkCsrfHeaderNamed’ → ‘checkCsrfParamNamed’
Also removed trailing whitespace. Actual typo fix is on line 1318.
2015-12-11 23:00:01 +06:00
Chris Allen
ae1015b628 shorter name 2015-11-25 23:01:49 -06:00
Chris Allen
6a60dac366 JSON-specific sendResponseStatus 2015-11-25 14:49:53 -06:00
David Turner
5b4d5ced3b Move auto-updater into YesodRunnerEnv 2015-10-10 15:58:39 +00:00
Mikkel Christiansen
a47ceec445 GHC 7.10 import warnings removed from yesod-core. 2015-08-26 14:52:39 +02:00
Maximilian Tagher
33982b2112 Add CSRF protection functions/middleware that support AJAX requests 2015-08-17 16:52:39 -07:00
Andrew Martin
c4d154b512 Added getsYesod 2015-07-23 13:29:16 -04:00
Andrew Martin
b88295cf05 stop the module import cycle 2015-06-05 13:20:03 -04:00
Andrew Martin
92aa58dee5 Make stripHandlerT and subHelper available for public use 2015-06-05 08:07:37 -04:00
Michael Snoyman
56d4b8c3ee Version bump 2015-03-26 14:52:36 +02:00
Aleksey Uimanov
79dc6c33b9 add lookupBasicAuth and lookupBearerAuth functions 2015-03-26 17:19:53 +05:00
Thomas Dziedzic
6398206b8f fix documentation spelling 2015-01-06 21:10:12 -08:00
Michael Snoyman
09df930de3 monad-control 1.0 2014-12-17 17:58:19 +02:00
David Turner
42f098ff64 neverExpires sets 'Expires' header to be a year from now. 2014-11-21 17:40:32 +00:00
Michael Snoyman
9a4348a0e3 Improve etag supported fpco/stackage-server#29 #868 #869 2014-11-19 11:03:55 +02:00
Michael Snoyman
b38abdba0f notModified and setEtag 2014-11-15 20:31:27 +02:00
Greg Weber
f18d0a8bac TypeCache typo and module exposure 2014-09-20 20:57:27 -07:00
Greg Weber
00b5781ec5 add cachedBy, like cached but adds a key
re-factored to a base implementation with
no Yesod dependencies in TypeCache.hs
2014-09-20 14:34:10 -07:00
Michael Snoyman
ccab062f2d Remove all conditional compilation for Yesod 1.4 release
Left in for GHC-bundled libraries (ghc, base, bytestring, binary)
2014-09-07 18:17:45 +03:00
Michael Snoyman
1e76a28f6d withUrlRenderer 2014-08-31 02:24:08 +03:00