Commit Graph

128 Commits

Author SHA1 Message Date
Steven Leiva
4015ef2919 Set X-XSS-Protection to 1; mode=block. 2018-08-03 14:17:11 -05:00
Steven Leiva
266c436f18 selectRep chooses first rep if no matches found.
The `selectRep` documentation indicates that it chooses the first
representation provided if no representation matches.

This was only partially correct, as `selectRep` required that no
representation matched **and** that the `Content-Type` header of the
response was empty.

This led to a problem because `defaultErrorhandler` relies on
`selectRep`, and when `selectRep` was unable to find a suitable
representation, it would "swallow" the original error that resulted in
`defaultErrorhandler` being called, and set a status 406 for all cases.
2018-07-19 21:32:02 -05:00
Steven Leiva
a63bf16a68 defaultErrorHandler handles text/plain request. 2018-06-12 21:08:55 -05:00
ncaq
74ce4c57ff Merge branch 'master' into add-file-source-bytes 2018-04-24 12:36:36 +09:00
ncaq
a59ee6b62e added: ChangeLog 1.6.4 2018-04-17 18:47:54 +09:00
ncaq
955b21d7ea added: ChangeLog 1.6.4 2018-04-17 14:24:57 +09:00
Michael Snoyman
778cf2cf0b Add missing SubHandlerFor export 2018-04-04 12:11:27 +03:00
Maximilian Tagher
08ef0e26dc Derive Show instances for route data structures
* It's very helpful to have a Show instance for debugging and development
* Currently third party packages are deriving this instance themselves which is not ideal.
    * http://hackage.haskell.org/package/yesod-routes-flow-2.0/docs/src/Yesod-Routes-Flow-Generator.html
    * http://hackage.haskell.org/package/yesod-routes-typescript-0.3.0.0/docs/src/Yesod-Routes-Typescript-Generator.html
    * This change would break those packages, which isn't great
         * At least the typescript one is broken anyway
2018-03-04 15:59:54 -08:00
Ryan Scott
3408e1e630 Adapt to Semigroup changes in base-4.11 2018-02-04 20:09:37 -05:00
Michael Snoyman
6ad81f6d15 Merge remote-tracking branch 'origin/master' into better-monads 2018-02-02 00:17:37 +02:00
Michael Snoyman
0f09393c34 Merge branch 'simple-content-type' of https://github.com/JaSpa/yesod into better-monads 2018-01-21 11:13:05 +02:00
Maximilian Tagher
6b22a0b9be Give more detail in the error message for too large request bodies.
* Just to be helpful to developers, give the maximum body length and their body length
* Also point developers to the function to change that value

(I don't think this leaks any sensitive info, because you can always binary search with different request body sizes to find the maximum allowable)
2018-01-18 18:30:34 -08:00
Janek Spaderna
492102537f [yesod] Bump version & add changelog entry 2018-01-18 12:11:43 +01:00
Michael Snoyman
6830a9840c Merge branch 'better-monads' into no-transformers 2018-01-17 06:43:52 +02:00
Michael Snoyman
25acc5799b Version bumps and changelog updates 2018-01-15 15:57:36 +02:00
Michael Snoyman
47ee7384ea Be gone with ye HandlerT! 2017-12-13 09:53:14 +02:00
Michael Snoyman
5c8b1b542a WidgetT uses IORef 2017-12-12 12:46:35 +02:00
Maximilian Tagher
1275cce1af Give better error messages when CSRF validation fails
* This is important because historically these errors have tripped people up
* Making security as easy as possible is important so that it doesn't just get turned off
* Giving clear directions about where to get the CSRF token (a cookie) and where to send it (a header/param) is especially helpful to frontend developers not necessarily familiar with the backend codebase
2017-11-26 09:00:30 -05:00
Josh Berman
6d6afcf826 point changelog to PR not issue 2017-11-26 12:09:17 +02:00
Josh Berman
79ab662a80 Fix docs on languages set and getMessageRender to use it (#1325) 2017-11-26 11:52:37 +02:00
Ian Duncan
fd872cff40 Add support to yesod-core for weak etags 2017-09-06 10:08:45 +09:00
Sibi Prabakaran
7cfefdf3fa Merge remote-tracking branch 'origin/master' into header-yesod
Conflicts resolved in:
	yesod-core/ChangeLog.md
	yesod-core/yesod-core.cabal
2017-07-28 17:01:03 +05:30
Michael Snoyman
06ca675bb6 Version bump 2017-07-20 13:58:15 +03:00
Sibi Prabakaran
a31c270893 Update Changelog and do version bump of the package 2017-07-13 11:24:57 +05:30
James Parker
70f643b7e9 Merge branch 'master' of https://github.com/yesodweb/yesod into dev.jp 2017-06-01 11:24:54 -04:00
James Haver II
5ee51262de Update ChangeLog and Hackage comments 2017-05-12 01:04:13 +08:00
JP
db8bbcd8b5 Merge branch 'master' into dev.jp 2017-03-27 12:10:04 -04:00
James Parker
6b000ecfb4 Version bump and fix for old versions of TH. 2017-03-27 12:06:44 -04:00
Michael Snoyman
de9f5bc4c9 Version bump for #1363 2017-03-26 18:14:40 +03:00
Michael Snoyman
55623b76f6 Improve ChangeLog 2017-03-01 08:53:13 +02:00
Sibi Prabakaran
6d7ba59e4b Update changelog 2017-02-17 00:22:57 +05:30
Michael Snoyman
cdc6c8ae04 Version bumps/changelog updates 2017-02-08 11:20:31 +02:00
Michael Snoyman
64ed0792bc Check mime-type for JSON bodies #1330 2017-02-02 08:10:19 +02:00
Michael Snoyman
9a484f9163 defaultMessageWidget 2016-12-07 20:08:47 -05:00
Michael Snoyman
ae7dfd2408 Changelog for #1310 2016-12-07 08:52:55 -05:00
Michael Snoyman
312adc40d5 Version bump for #1310 2016-11-30 13:40:46 +02:00
Michael Snoyman
00cf852216 Version bump for #1308 2016-11-29 13:47:33 +02:00
Michael Snoyman
bbca01ce71 languages reflects setLanguage 2016-11-04 11:10:26 +02:00
Michael Snoyman
856e60eb9b Version bump 2016-09-25 14:34:38 +03:00
Michael Snoyman
87afb38635 Version bump for #1268 2016-08-29 07:04:34 +03:00
Maximilian Tagher
e6287362ad Default CSRF tokens to the root path "/"
* The default path of cookies is the current path making the request
  * e.g. an AJAX request made from http://example.com/foo/bar would be /foo
  * This causes multiple CSRF tokens to build up as you navigate a site
  * This will cause errors if the CSRF tokens have different values, and an invalid token is sent.
* Closes #1247
2016-08-16 07:25:41 -07:00
Michael Snoyman
cc6cc2939e Fix ChangeLog and @since comments 2016-08-10 15:18:41 +03:00
Michael Snoyman
629d4c49a4 Version bump for #1257 2016-08-10 08:42:04 +03:00
Michael Snoyman
a3d9a13abe Proper handling of impure exceptions within HandlerError values 2016-06-22 18:24:18 +03:00
Michael Snoyman
85e7fd7e33 Version bump for #1241 2016-06-20 17:30:28 +03:00
Michael Snoyman
bf0ca2bc10 Version bump 2016-04-25 16:57:40 +03:00
Maximilian Tagher
5a5cfd6c7a Bump version for CSRF logging changes, and improve error message. 2016-03-28 23:36:31 -07:00
Michael Snoyman
da4948592d Version bump 2016-03-29 09:14:02 +03:00
Michael Snoyman
406694cd29 Version bump for #1182 2016-03-13 08:26:24 +02:00
Michael Snoyman
cf5a390cad Add _token parameter to redirectToPost #1151 2016-01-24 14:37:44 +02:00
Michael Snoyman
aa36a22834 Version bump for yesod-core 2016-01-21 09:59:45 +02:00
Michael Snoyman
d6cd13a423 Changelog for #1144 2016-01-14 09:34:43 +02:00
Michael Snoyman
bff65b7942 Version bump for #1122 2015-12-14 11:50:25 +02:00
Michael Snoyman
de3818784a getApprootText 2015-12-04 14:40:50 +02:00
Michael Snoyman
bc09ac2550 Merge pull request #1086 from paul-rouse/master
Add guessApprootOr function
2015-10-13 17:27:15 +03:00
Paul Rouse
692773326a Add guessApprootOr function 2015-10-13 15:00:02 +01:00
Greg Weber
3f15e2a20e Merge branch 'master' of github.com:yesodweb/yesod
Conflicts:
	yesod-core/ChangeLog.md
	yesod-core/yesod-core.cabal
2015-10-13 06:39:26 -07:00
Michael Snoyman
5d0a4567f3 Add the guessApproot function (pinging @gregwebs) 2015-10-13 10:32:25 +00:00
Greg Weber
3f2c550a06 version bump for neverExpires bug fix 2015-10-11 08:45:48 -07:00
Greg Weber
65bc93a6d6 1.4.15 Changelog 2015-08-23 17:16:11 -07:00
Daniel Díaz
8130e2b7a9 Fixed mkYesodGeneral message in changelog, and added information about splicing breaking change. 2015-08-21 21:52:35 +02:00
Maximilian Tagher
33982b2112 Add CSRF protection functions/middleware that support AJAX requests 2015-08-17 16:52:39 -07:00
Maximilian Tagher
620440d2b6 Update yesod-core changelog for 1.4.13 2015-08-16 19:18:35 -04:00
Michael Snoyman
add408c535 Version bump 2015-07-02 18:53:47 +03:00
Michael Snoyman
bd7659017f Add missing ChangeLog #1019 2015-06-24 05:02:36 +03:00
Michael Snoyman
b20c19d2c5 Version bump 2015-06-04 09:43:06 +03:00
Michael Snoyman
882956255a Better support for multiple cookie headers 2015-04-02 16:40:14 +03:00
Michael Snoyman
56d4b8c3ee Version bump 2015-03-26 14:52:36 +02:00
Michael Snoyman
e85be6f118 Use 307 redirect for cleaning paths and non-GET requests #951 2015-03-15 11:45:32 +02:00
Michael Snoyman
376b6f9c0d Allow blaze-builder 0.4 2015-03-10 14:56:44 +02:00
Michael Snoyman
df0cf82f56 Allow path-pieces 0.2 2015-02-19 11:56:24 +02:00
Michael Snoyman
6751d24d75 Version bumps 2015-02-09 07:25:08 +02:00
Michael Snoyman
887d7e8004 Doc update 2015-02-08 07:18:56 +02:00
Michael Snoyman
b3754498ec Version bump 2014-12-20 18:25:15 +02:00
Michael Snoyman
09df930de3 monad-control 1.0 2014-12-17 17:58:19 +02:00
Michael Snoyman
94dad6e116 Corrected changelog 2014-11-30 15:42:55 +02:00
Michael Snoyman
5f21c73d7d Changelog fix and typo correction 2014-11-30 07:39:40 +02:00
Michael Snoyman
c5519b36ef Rename changelog.md to ChangeLog.md (it was bugging me) 2014-11-28 07:47:52 +02:00