-
Notifications
You must be signed in to change notification settings - Fork 372
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log a warning when a CSRF error occurs #1200
Conversation
Include a stable URL that documents the issue perhaps? A lot people (myself included) use terminals that make it easy to open recognizable URLs. Other than that, looks good. You're not adding this at the level where any provenance/cause is known, so this is as good as it's going to get for now. As long as the route/method will be proximal to this message, I'm fine with it. |
Can I ask where you were running into this error? I noticed that the default test environment in the yesod-scaffolding wouldn't log something like this and wondered if that was contributing to the problem |
We had logs turned up. Happened in dev, yesod-test has some stuff that fails at runtime if you don't make a GET before-hand. I already added logging for that particular case. |
@bitemyapp any suggestions for a stable URL? Ideally I'd link to this: http://haddock.stackage.org/lts-5.10/yesod-core-1.4.19/Yesod-Core-Handler.html#g:28 but I don't know of a way to get a stable link to it, besides hardcoding an specific version. |
@MaxGabriel stackage needs the latest version defaulting behavior Hackage has, but for LTS, it looks like. |
@snoyberg Do you think this is enough of a breaking change to warrant 1.5 or could this be snuck in as 1.4.20? |
To be clear, the breaking change you're referring to is the introduction of the |
Ah my bad, didn't realize that. |
It's a mistake in my original design, MonadLogger should have been a superclass of MonadHandler (unless history itself defeated me here). Either way, I see no problem with this being in the 1.4 series. |
ea6680a
to
5a5cfd6
Compare
(Closes #1192)
So, this is a breaking change because it adds the
MonadLogger
constraint tocheckCsrfHeaderOrParam
. However, I find it exceptionally unlikely that would cause issues, since this function is mainly used by higher-level middleware, is pretty new, and would probably be called from aHandler
that already has logging capabilities.The current log message is the same as what's returned in the response body:
cc @bitemyapp