Dominic Monroe
Dominic Monroe
If I `:produces` "application/json", then return `1`, I get: ``` java.lang.IllegalArgumentException: Don't know how to convert class java.lang.Integer into (stream-of io.netty.buffer.ByteBuf) at byte_streams$convert.invokeStatic(byte_streams.clj:196) at byte_streams$convert.invoke(byte_streams.clj:162) at aleph.netty$to_byte_buf_stream.invokeStatic(netty.clj:185) at aleph.netty$to_byte_buf_stream.invoke(netty.clj:184) at...
In particular, this relates to https://tools.ietf.org/html/rfc6749#section-5.1 where disabling the cache is mandated. This can be done manually though.
this doesn't exist, should be `:authentication` in: ``` (str "Welcome " (get-in ctx [:credentials :user])) ``` should be ``` (str "Welcome " (get-in ctx [:authentication :user])) ```
Given that parameters can be dynamic, a yada resource may need to authenticate differently based on what it is serving up. Because the :verify function isn't given access to the...
It would be really useful to know: - Input JSON - Parsed pre-coerced JSON In 400 (and some other 4xx?) handlers in order to maintain records about common errors when...
Doing dynamic X-Frame-Options as described in https://tools.ietf.org/html/rfc7034#section-2.3.2.3 is a pain, it would be nice if yada took a set of things to allow-from.
If not present, the resource redirects back to itself, which causes a 500.
Requires parsing the URI, and not using string concatenation to build the URI.
REF: https://tools.ietf.org/html/rfc7538 Cost: * POST -> GET might be depended upon behaviour by users of `redirect` (so new option/function) * not all clients understand the code (relatively new code dated...
Reference: https://www.owasp.org/index.php/HttpOnly Benefits: * Stops a common XSS attack Cost: * Cannot read/write the cookie from javascript, which is confusing behaviour. But I don't think this is a default behaviour...