haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,166 Commits 42 Branches 853 Tags 10 MiB
e5b3cf6dc7
Commit Graph

269 Commits

Author SHA1 Message Date
Alexander Lippling
8822fa37a8 Added support for aeson's toEncoding function (>= 0.11) to sendStatusJSON 2016-08-28 01:06:23 +02:00
Bryan Richter
111b017f58 Explain what sslOnlyMiddleware really does (#1262) 
Doc updated per
<https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>.

I was tipped off to the discrepancy when my site worked totally fine over
http, in spite of the claim, "This middleware makes a site functionally
inaccessible over vanilla http in all standard browsers."
 2016-08-24 08:24:32 -07:00
Maximilian Tagher
e6287362ad Default CSRF tokens to the root path "/" 
* The default path of cookies is the current path making the request
  * e.g. an AJAX request made from http://example.com/foo/bar would be /foo
  * This causes multiple CSRF tokens to build up as you navigate a site
  * This will cause errors if the CSRF tokens have different values, and an invalid token is sent.
* Closes #1247
 2016-08-16 07:25:41 -07:00
Maximilian Tagher
9fb876e383 Merge pull request #1258 from bitemyapp/master 
What I did to avoid the duplicate cookie problem
 2016-08-13 21:18:49 -04:00
Michael Snoyman
cc6cc2939e Fix ChangeLog and @since comments 2016-08-10 15:18:41 +03:00
Michael Snoyman
f6891b0373 Merge branch 'BL/samesite' of https://github.com/bobjflong/yesod into bobjflong-BL/samesite 2016-08-10 15:17:25 +03:00
Artem Chuprina
83299bf1be urlParamRenderOverride method for Yesod class 
this method replaces urlRenderOverride because the latter lacks support for query string
 2016-08-09 22:54:24 +03:00
Chris Allen
a3f4974750 Merge branch 'master' of git://github.com/yesodweb/yesod 2016-07-22 10:50:22 -05:00
Maximilian Tagher
0eb8ab3050 Document recommended usage of the CSRF middleware 
* Closes #1246
 2016-07-14 07:56:31 -07:00
Chris Allen
5e4cefc9ad path, not value 2016-07-08 14:25:47 -05:00
Chris Allen
4a0caeb05c deleting cookie before adding to avoid duplicates for a test 2016-07-08 13:38:39 -05:00
Mikkel Christiansen
50c4138a5c Take hlint suggestions. 2016-06-28 08:28:23 +02:00
Mikkel Christiansen
cc134b93de Remove compiler warnings for unused var and unused imports. 2016-06-27 19:47:55 +02:00
Michael Snoyman
1036550d00 Add missing Monoid import 2016-06-23 08:15:53 +03:00
Michael Snoyman
c24d0e7f80 Allow deepseq 1.3 2016-06-22 23:01:44 +03:00
Michael Snoyman
90ecc1ebe3 Significant cleanup of runHandler 
@nh2 This hopefully makes the logic much clearer to avoid exceptional
cases slipping through.

@gregwebs Maybe you'd like to review this?

For yesod-core 1.5: we should make as many datatypes strict-fielded as
possible in Yesod.Core.Types to make for less corner cases. Also, the
idea of an exception value itself being partial is _really_ terrifying.
 2016-06-22 20:28:42 +03:00
Michael Snoyman
33ea980dba Simplify away from returnDeepSessionMap 2016-06-22 18:45:46 +03:00
Michael Snoyman
a3d9a13abe Proper handling of impure exceptions within HandlerError values 2016-06-22 18:24:18 +03:00
Michael Snoyman
85e7fd7e33 Version bump for #1241 2016-06-20 17:30:28 +03:00
Alexander Lippling
18cd7834d6 Added support for aeson's toEncoding function (>= 0.11) 2016-06-20 13:19:11 +02:00
Sibi
2a01710f4b Remove outdated instruction for jsLoader (#1238) 2016-06-05 11:28:22 -07:00
Bob Long
294ef285a3 remove redundant paren 2016-05-03 16:24:12 +01:00
Bob Long
6746c1c94f fixup whitespace in docs 2016-05-03 16:23:57 +01:00
Bob Long
1834d255e6 replace pure with Just for backwards compat 2016-05-03 15:18:45 +01:00
Bob Long
9b0caaf2cf expand documentation on lax & strict 2016-05-03 15:17:46 +01:00
Bob Long
bc7ff2f552 Add version information 2016-05-01 17:23:10 +01:00
Bob Long
a797c2e5d4 Add laxSameSiteSessions and strictSameSiteSessions 2016-05-01 16:31:01 +01:00
Erik de Castro Lopo
96af1e7f39 yesod-core: Fix for a *very* late change in ghc-8.0 TH api 2016-04-23 10:54:41 +10:00
Erik de Castro Lopo
226c381baa yesod-core: Make it work with ghc-8.0 
Use CPP hackery to make it compile with ghc-8.0 and ghc 7.10. If
ghc-7.10 works, I assume earlier supported versions of GHC also
work. All tests pass with both GHC versions.

Unfortunately, the TH changes force changes in the type signature
of Yesod.Routes.TH.RenderRoute.mkRouteCons from:

    mkRouteCons :: [ResourceTree Type] -> ([Con], [Dec])

to

    mkRouteCons :: [ResourceTree Type] -> Q ([Con], [Dec])

and I can't see a way around that.
 2016-04-19 14:52:03 +10:00
Maximilian Tagher
5a5cfd6c7a Bump version for CSRF logging changes, and improve error message. 2016-03-28 23:36:31 -07:00
Maximilian Tagher
28fbaae268 Log a warning when a CSRF error occurs 
* Closes #1192
 2016-03-28 23:35:27 -07:00
Michael Snoyman
da4948592d Version bump 2016-03-29 09:14:02 +03:00
Murray
9dbcc95c3f remove single message deprecated directives 2016-03-18 09:17:57 +00:00
Murray
a15070709d allow more than one session message and add statuses 2016-03-16 18:14:40 +00:00
Sajith Sasidharan
93da4f060e Minor doc patch - sendStatusJSON is since 1.4.18 
I'm sure this is trivially obvious. :-)

Commit 6a60dac introduced `sendStatusJSON` on Nov 25, 2015; yesod-core 1.4.18 was uploaded to hackage on Dec 17.
 2016-03-06 18:22:51 -05:00
Chris Allen
7123b02500 typo 2016-03-01 15:13:34 -06:00
Michael Snoyman
cf5a390cad Add _token parameter to redirectToPost #1151 2016-01-24 14:37:44 +02:00
Ross MacLeod
1fb53dfa9e #1142 make sendStatusJSON fully polymorphic in its return type, since it never returns 2016-01-12 11:32:20 -05:00
Michael Snoyman
10709c4e26 Merge pull request #1122 from pseudonom/master 
Add hook to apply arbitrary function to all handlers
 2015-12-14 11:49:30 +02:00
mrkkrp
15c1573538 ‘checkCsrfHeaderNamed’ → ‘checkCsrfParamNamed’ 
Also removed trailing whitespace. Actual typo fix is on line 1318.
 2015-12-11 23:00:01 +06:00
mrkkrp
bb02d2b911 fix references to ‘Yesod.Core.Handler’ 2015-12-11 22:40:06 +06:00
Eric Easley
56c19a2cd3 Add hook to apply arbitrary function to all handlers 2015-12-09 11:29:13 -08:00
Greg Weber
b271978ccf Merge pull request #1105 from bitemyapp/master 
JSON-specific sendResponseStatus
 2015-12-07 16:04:07 -08:00
Michael Snoyman
de3818784a getApprootText 2015-12-04 14:40:50 +02:00
Chris Allen
ae1015b628 shorter name 2015-11-25 23:01:49 -06:00
Chris Allen
6a60dac366 JSON-specific sendResponseStatus 2015-11-25 14:49:53 -06:00
David Turner
badabaa1ca Update comment 2015-11-13 15:15:04 +00:00
David Turner
b9b2d0d609 Use AutoUpdate for session expiry date too 2015-11-13 13:40:19 +00:00
Paul Rouse
e4503ded60 Remove unnecessary underscores in guessApprootOr 2015-10-13 15:22:30 +01:00
Paul Rouse
692773326a Add guessApprootOr function 2015-10-13 15:00:02 +01:00