haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,754 Commits 42 Branches 853 Tags 10 MiB
2c246486e7
Commit Graph

4754 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Snoyman
2c246486e7
Remove some older stuff 2019-02-21 07:05:31 +02:00
Michael Snoyman
950c8e5a77
yesod-core moved over to rio 2019-02-19 13:03:29 +02:00
Michael Snoyman
c67c89007c
src subdir for yesod-core 2019-02-19 04:02:21 +02:00
Michael Snoyman
e5cc9987ae
Move from byteable to memory 2019-02-19 03:58:31 +02:00
Michael Snoyman
b1e718397b
Deprecate GoogleEmail2 (fixes #1579) 2019-02-12 18:52:47 +02:00
Michael Snoyman
90fa4d9eae
Merge pull request #1581 from nytopop/no-multi-session-cookies 
Use at most one valid session cookie per request
 2019-02-11 19:16:05 +02:00
nytopop
70b730cc4e
Use at most one valid session cookie per request 
Makes `loadClientSession` ignore all sessions in a request if more than
a single session cookie decodes successfully. The prior behavior was to
merge all valid session cookies' values.

Bumps version to 1.6.12
 2019-02-10 08:42:37 -08:00
Michael Snoyman
9ccdc38b78
Merge pull request #1576 from eborden/eborden/deprecate-insecure-json-body-functions 
Deprecate insecure JSON body functions
 2019-01-30 09:21:29 +02:00
Evan Rutledge Borden
da9e72b82f Add minor version bump to 1.6.11 
JSON parsing function deprecations warrant a minor version bump.
 2019-01-29 15:31:35 -06:00
Jonathan Lamothe
6fe7ee6e0d Documentation fix (#1577) 
* fixed documentation

* bumped version

* updated ChangeLog
 2019-01-26 12:53:04 +05:30
Evan Rutledge Borden
b50ca99566 Deprecate insecure JSON body functions 
`parseJsonBody` and `requireJsonBody` do not require a mime type when
parsing `JSON` content. This leaves them open to CSRF. They are now
deprecated and `insecure` versions are added in their place. Consumers
are now given a proper choice between secure and insecure functions.

There is a potential attack vector in that the browser does not trigger
CORS requests for "simple requests", which includes POST requests that
are form or text content-types. An attacker can craft a form whose body
is valid JSON, and when a user visits attacker.com and submits that
form, it can be submitted to bank.com and bypass CORS.

Checking the content-type is application/json prevents this, because if
the content-type was set to application/json, then the browser would
send a CORS request—a preflight OPTIONS request to the server asking if
the current domain (and some other values) are whitelisted to send
requests to that server. If the server doesn't say attacker.com is
whitelisted, the browser will not send the real request to the server.
 2019-01-24 09:12:48 -06:00
Michael Snoyman
874a711d47
Merge pull request #1574 from yesodweb/more-ltses 
More LTSes are tested
 2019-01-23 08:26:41 +02:00
Michael Snoyman
5f597494b5
More LTSes are tested 2019-01-22 20:09:05 +02:00
Michael Snoyman
c7e4dd0a1c
Fix test suite compilation on GHC 8.6.3 commercialhaskell/stackage#4319 2019-01-22 18:40:31 +02:00
Michael Snoyman
9ff1f18a4a
Merge pull request #1573 from yesodweb/getSetCache 
Add functions to get and set values in the per-request caches
 2019-01-22 09:35:37 +02:00
Maximilian Tagher
c8974d81f9 Add functions to get and set values in the per-request caches 
Closes #1572
 2019-01-21 10:47:27 -08:00
Sibi
09c4587393
Merge pull request #1571 from jlamothe/FormResult 
Make FormResult instances of Eq and Monad
 2019-01-20 22:59:18 +05:30
Jonathan Lamothe
92e4e48353 updated ChangeLog 2019-01-19 13:12:29 -05:00
Jonathan Lamothe
fd141d56b7 incremented version number 2019-01-18 18:53:04 -05:00
Jonathan Lamothe
429f78859c make FormResult an instance od Eq 2019-01-18 12:48:36 -05:00
Maximilian Tagher
673db5f6ff
Merge pull request #1570 from yesodweb/cookieHelpers 
[yesod-test] Add utility functions to modify cookies
 2019-01-15 08:04:30 -08:00
Maximilian Tagher
bedec86c74 [yesod-test] Add utility functions to modify cookies 2019-01-14 16:12:32 -08:00
Michael Snoyman
72c6187a22
Merge pull request #1568 from stevehartdata/master 
Eliminate deprecation warnings when building websockets sample.hs
 2019-01-09 08:49:51 +02:00
Steve Hart
e1a33248b0 Eliminate deprecation warnings when building websockets sample.hs 2019-01-07 20:12:12 -05:00
Sibi
c5268e3581
Merge pull request #1567 from gabebw/gbw-fix-typo 
Fix typo in deprecation message
 2018-12-28 10:41:12 +05:30
Gabe Berke-Williams
9720363117 Fix typo in deprecation message 
The message recommended using `authTwitterUsingUserID` (note that the
`ID` at the end of the method name is all capitalized).

However, the actual method name is `authTwitterUsingUserId` (note the `Id` at the
end).
 2018-12-27 17:31:58 -08:00
Michael Snoyman
f7f356b32e
Relax upper bound (fixes #1566) 2018-12-19 08:28:07 +02:00
Michael Snoyman
7a2c5367e7
Merge pull request #1565 from StevenXL/add-send-response-no-content 
Add sendResponseNoContent.
 2018-12-03 09:22:06 +02:00
Steven Leiva
2a9bef34c0 Add sendResponseNoContent. 2018-11-30 14:27:21 -06:00
Michael Snoyman
6eb91bdb77
Add missing test file (fixes #1563) 2018-10-15 16:21:17 +03:00
Michael Snoyman
f7e177d5f2
Version bump 2018-10-14 11:10:13 +03:00
Michael Snoyman
ab0ac8b1a2
Fix extra-deps 2018-10-14 10:49:12 +03:00
Michael Snoyman
aed169b43f
Merge branch 'update-persistent' of https://github.com/DanBurton/yesod 2018-10-14 10:47:23 +03:00
Michael Snoyman
b16084ed34
Configuration for persistent 2.9 2018-10-14 10:45:45 +03:00
Michael Snoyman
7f07325dc4
Merge branch 'master' of https://github.com/iand675/yesod 2018-10-14 10:44:18 +03:00
Dan Burton
bff8200ae4
Updated changelogs and versions for #1561 2018-10-11 14:21:17 -04:00
Dan Burton
132abccff2
Compile with ghc 8.6 by pushing MonadFail usage into IO 2018-10-11 13:53:35 -04:00
Dan Burton
90423f5bc7
Downgrade yesod-persistent version bump to patch level 2018-10-11 12:56:49 -04:00
Dan Burton
49dcfe02af
Merge branch 'master' of https://github.com/iand675/yesod into update-persistent 2018-10-11 12:54:52 -04:00
Michael Snoyman
84f77fe34a
Merge pull request #1558 from whittle/routes-file-line-continuations 
In the route syntax, allow trailing backslashes to indicate line continuation.
 2018-10-09 05:24:15 +03:00
Jason Whittle
ee260e24cb Update changelog with a link to PR #1558. 2018-10-08 18:04:16 -04:00
Jason Whittle
ca602d11bf Bump minor version. 2018-10-08 16:56:20 -04:00
Jason Whittle
4e4efd1627 In the route syntax, allow trailing backslashes to indicate line continuation. 2018-10-08 16:47:06 -04:00
Michael Snoyman
6a9bcc292d
Remove unneeded version bumps 2018-10-08 10:20:49 +03:00
Michael Snoyman
55e0ca4bc3
Add PrimMonad instances 
Pointed out at: https://stackoverflow.com/q/52692508/369198
 2018-10-08 08:19:32 +03:00
Michael Snoyman
1c2cb0c717
Merge pull request #1554 from oddvars/oddvars-typo-patch 
minor typos
 2018-09-14 08:29:19 +03:00
oddvars
41101b20dd
minor typos 
fixed typo and escaped backslash for haddock
 2018-09-13 16:42:52 +02:00
Michael Snoyman
2af5d9c64c
Relax yaml upper bound 2018-08-20 10:11:42 +03:00
Michael Snoyman
67c223d76b
Minor cabal file improvements 2018-08-20 10:11:42 +03:00
Steven Leiva
3ebd8f91a5
Merge pull request #1550 from StevenXL/set-x-xss-protection 
Set X-XSS-Protection to 1; mode=block.
 2018-08-06 15:46:31 -05:00