From 9f647cdf16ea6e0c8b5495b320eb1dd834784f8d Mon Sep 17 00:00:00 2001
From: Danielle McLean
Date: Thu, 19 Oct 2017 12:21:39 +1100
Subject: [PATCH] Add sslOnlyMiddleware to the Foundation
---
 src/Foundation.hs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/Foundation.hs b/src/Foundation.hs
index fc70ddf..8385eec 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -67,6 +67,9 @@ mkYesodData "App" $(parseRoutesFile "config/routes")
 -- | A convenient synonym for creating forms.
 type Form x = Html -> MForm (HandlerT App IO) (FormResult x, Widget)
+sessionLifetime :: Int
+sessionLifetime = 120 -- minutes
+
 -- Please see the documentation for the Yesod typeclass. There are a number
 -- of settings which can be configured by overriding methods here.
 instance Yesod App where
@@ -77,7 +80,7 @@ instance Yesod App where
 -- Store session data on the client in encrypted cookies,
 -- default session idle timeout is 120 minutes
 makeSessionBackend _ = sslOnlySessions . strictSameSiteSessions $ Just <$> defaultClientSessionBackend
- 120 -- timeout in minutes
+ sessionLifetime
 "config/client_session_key.aes"
 -- Redirect static requests to a subdomain - this is recommended for best
@@ -97,7 +100,7 @@ instance Yesod App where
 -- b) Validates that incoming write requests include that token in either a header or POST parameter.
 -- To add it, chain it together with the defaultMiddleware: yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
 -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
- yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
+ yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware . sslOnlyMiddleware sessionLifetime
 defaultLayout widget = do
 master <- getYesod
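Review bot: `sessionLifetime` states its unit only in a trailing `-- minutes` comment, yet this commit passes the same Int to both `defaultClientSessionBackend` and `sslOnlyMiddleware` in the later hunks. A Haddock comment at the definition would make that shared contract visible, for example `-- | Session idle timeout in minutes; also used as the lifetime given to sslOnlyMiddleware.`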
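Review bot: The context comment above `makeSessionBackend` still reads `default session idle timeout is 120 minutes`, which now duplicates the literal that this hunk moves into `sessionLifetime` and will silently go stale if the constant is changed. I would reword it to `-- session idle timeout is sessionLifetime minutes`. The instance body starts and ends outside the hunk.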
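Review bot: Reusing `sessionLifetime` as the argument to `sslOnlyMiddleware` makes the Strict-Transport-Security max-age only 120 minutes, assuming the argument is in minutes as in yesod-core. That satisfies the rule that the max-age must be at least the session timeout, but the browser forgets the HTTPS-only pin two hours after the last visit, so a returning user's first request can again go out over plain HTTP. A separate, longer constant (a name such as `hstsLifetime :: Int`), kept greater than or equal to `sessionLifetime`, would be safer. The header is ignored on plain-HTTP responses, so an HTTP-to-HTTPS redirect is still needed in front of the app. The comment block above documents only the CSRF middleware; add a line such as `-- sslOnlyMiddleware adds the Strict-Transport-Security header to every response.`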