This is the main package for Yesod, providing all core functionality on which other packages can be built. It provides dispatch, handler functions, widgets, etc.
Yesod is well documented on its website.
- Derive a
- Some third party packages, like
yesod-routes-flowderive their own
Showinstance, and this will break those packages.
- Some third party packages, like
Semigroup LiteAppinstance, and explicitly define
(<>)in the already existing
- Upgrade to conduit 1.3.0
- Switch to
- Strictify some internal data structures
CIwrapper to first field in
Headerdata constructor #1418
- Internal only change, users of stable API are unaffected:
WidgetTholds its data in an
IORefso that it is isomorphic to
ReaderT, avoiding state-loss issues..
- Overhaul of
WidgetTto no longer be transformers.
- Fix Haddock comment & simplify implementation for
Improve error message when request body is too large #1477
Improve error messages for the CSRF checking functions #1455
Fix documentation on
getMessageRenderto use said function. #1457
setWeakEtagfunction in Yesod.Core.Handler module.
replaceOrAddHeaderfunction in Yesod.Core.Handler module. 1416
TH fix for GHC 8.2
- Contexts can be included in generated TH instances. 1365
- Type variables can be included in routes.
Adds curly brackets to route parser. #1363
- Fix warnings
- Route parsing handles CRLF line endings
- Add 'getPostParams' in Yesod.Core.Handler
- Haddock rendering improved.
Exports some internals and fix version bounds #1318
Add ToWidget instances for strict text, lazy text, and text builder #1310
languagesso that, if you previously called
setLanguage, the newly set language will be reflected.
Add instance of MonadHandler and MonadWidget for ExceptT #1278
cached and cachedBy will not overwrite global state changes #1268
- Don't allow sending multiple cookies with the same name to the client, in accordance with RFC 6265. This fixes an issue where multiple CSRF tokens were sent to the client. #1258
- Default CSRF tokens to the root path "/", fixing an issue where multiple tokens were stored in cookies, and using the wrong one led to CSRF errors #1248
- urlParamRenderOverride method for Yesod class #1257
- Add laxSameSiteSessions and strictSameSiteSessions #1226
Proper handling of impure exceptions within
Add support for
GHC 8 support
Log a warning when a CSRF error occurs #1200
Allow lines of dashes in route files #1182
Auth logout not working with defaultCsrfMiddleware #1151
Allow subsites within hierarchical routes #1144
Add hook to apply arbitrary function to all handlers #1122
bugfix neverExpires leaked threads
mkYesod avoids using reify when it isn't necessary. This avoids needing to define the site type below the call to mkYesod.
- Add CSRF protection functions and middleware based on HTTP cookies and headers #1017
- Add mkYesodWith, which allows creating sites with polymorphic type parameters #1055
- Do not define the site type below a call to mkYesod (or any variant), as it will be required at splicing time for reification. This was allowed before because reification was not in use. Reification was introduced to allow parametrized types to be used by mkYesod (and variants), with potentially polymorphic variables.
Don't show source location for logs that don't have that information #1027
Export log formatting #1001
Deal better with multiple cookie headers
Add simple authentication helpers #962
Use 307 redirect for cleaning paths and non-GET requests #951
Allow blaze-builder 0.4
Bump upper bound on path-pieces
Add a bunch of
Remove defunct reference to SpecialResponse #925
SSL-only session security #894
MonadLoggerIOinstances (conditional on monad-logger 0.3.10 being used).
Support time 1.5
neverExpires uses dates one year in the future (instead of in 2037).
Improvements to etag/if-none-match support #868 #869
Switch to mwc-random for token generation.