Age | Commit message (Collapse) | Author |
|
Raw HTML is potentially dangerous so it's better to provide an
encapsulating type instead of relying on naked strings.
bump version to 0.3.3
|
|
bump version to 0.3.2
|
|
This commit gets rid of the CsrfToken type,
simplifying submission handling:
// before
let csrf_token = req.csrf_token(&mut response);
let msg: FormData = body.into_form_csrf(&csrf_token).await?;
// after
let msg: FormData = body.into_form_csrf(req).await?;
As well as HTML input retrieval:
// before
req.csrf_token(&mut response).html_input();
// after
req.csrf_html_input(&mut response);
This commit also merges the CsrfError type into CsrfProtectedFormError.
bump version to 0.3.1
|
|
bump version to 0.3.0
|
|
Users also want to short-circuit error types from other crates but they
cannot define a From conversion between two foreign types.
Sputnik's error type also didn't allow for proper error logging.
bump version to 0.2.3
|
|
bump version to 0.2.2
|
|
bump version to 0.2.1
|
|
|
|
Originally the into_ functions actually consumed the request but I
changed that to make request information like URI and method still
accessible after the request has been read.
Not consuming the Request however allows e.g. into_form() to be called
twice, which results in a panic since the body can only be read once.
This commit splits the Request wrapper into two wrappers Parts & Body,
allowing the borrow checker to guarantee that the body is only consumed
once, while keeping the other request information accessible after the
body has been consumed.
Version bumped to 0.2.0.
|
|
|