Changelog for servant-auth-server-0.4.1.0
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
[Unreleased]
[0.4.1.0] - 2018-10-05
Added
- #125 Allow setting domain name for a cookie [@domenkozar]
Changed
- bump http-api-data to 0.3.10 that includes Cookie orphan instances previously located in servant-auth-server [@phadej]
- #114 Export
HasSecurity
typeclass [@rockbmb]
[0.4.0.1] - 2018-09-23
Security
- #123 Session cookie did not apply SameSite attribute [@domenkozar]
Added
- #112 HasLink instance for Auth combinator [@adetokunbo]
- #111 Documentation for using hoistServer [@mschristiansen]
- #107 Add utility functions for reading and writing a key to a file [@mschristiansen]
[0.4.0.0] - 2018-06-17
Added
- Support GHC 8.4 by @phadej and @domenkozar
- Support for servant-0.14 by @phadej
- #96 Support for jose-0.7 by @xaviershay
- #92 add
clearSession
for logout by @plredmond and @3noch - #95 makeJWT: allow setting Alg via defaultJWTSettings by @domenkozar
- #89 Validate JWT against a JWKSet instead of JWK by @sopvop
Changed
- #92 Rename CSRF to XSRF by @plredmond and @3noch
- #92 extract 'XsrfCookieSettings' from 'CookieSettings' and make XSRF checking optional by @plredmond and @3noch
- #69 export SameSite by @domenkozar
- #102 Reuse Servant.Api.IsSecure instead of duplicating ADT by @domenkozar
Deprecated
- #92 Renamed 'makeCsrfCookie' to 'makeXsrfCookie' and marked the former as deprecated by @plredmond and @3noc
- #92 Made several changes to the structure of 'CookieSettings' which will require attention by users who have modified the XSRF settings by @plredmond and @3noch
Security
- #94 Force cookie expiration on serverside by @karshan
[0.3.2.0] - 2018-02-21
Added
- #76 Export wwwAuthenticatedErr and elaborate its annotation by @defanor
- Support for servant-0.14 by @phadej
Changed
- Disable the readme executable for ghcjs builds by @hamishmack
- #84 Make AddSetCookieApi type family open by @qnikst
- #79 Make CSRF checks optional for GET requests by @harendra-kumar
[0.3.1.0] - 2017-11-08
Added
- Support for servant-0.12 by @phadej
[0.3.0.0] - 2017-11-07
Changed
- #47 'cookiePath' and 'xsrfCookiePath' added to 'CookieSettings' by @mchaver
[0.2.8.0] - 2017-05-26
Added
- #45 Support for servant-0.11 by @phadej
[0.2.7.0] - 2017-02-11
Changed
- #27 #41 'acceptLogin' and 'makeCsrfCookie' functions by @bts