Anton Bachin

Results: 136 issues by Anton Bachin

Some of these are already used internally by Dream, or are variants of what is already used:

- [ ] Signing only.
- [x] Encryption with associated data. ffd5970f7a4c492b3c25b1c1d17d0d2d511414d7
- ...

🔒 security

- [ ] [Session re-keying](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renewal-timeout)
- [ ] Sign session tokens to reduce database access by random client-generated tokens.
- [x] Version the token format for transparent upgrades of the...

🔒 security

...which would allow opting in to, one by one, trusting:

- [ ] [`X-Forwarded-Host`, `Forwarded`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded) — likely needed for [`Dream.origin_referer_check`](https://aantron.github.io/dream/#val-origin_referer_check) AJAX CSRF protection.
- [ ] [`X-Forwarded-For`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)
- [ ] ...

⭐ good first issue
🔒 security

- [x] https://github.com/anmonteiro/websocketaf/issues/33
- [ ] https://github.com/anmonteiro/websocketaf/issues/34
- [ ] https://github.com/anmonteiro/websocketaf/issues/35
- [x] https://github.com/anmonteiro/websocketaf/issues/36
- [x] https://github.com/anmonteiro/websocketaf/issues/39
- [ ] https://github.com/anmonteiro/websocketaf/issues/40

🤷‍♀️ upstream

See https://paper.seebug.org/1049/. Most of this belongs in http/af, but it should also be considered on the framework end, especially in case of no-network testing.

🔒 security

- [ ] There is already file upload [string streaming](https://aantron.github.io/dream/#streaming-upload) exposed. Dream may need to expose bigstring streaming for zero-copy uploads.
- [x] [WebSocket](https://aantron.github.io/dream/#websockets) ~~frame-by-frame~~ chunk-by-chunk streaming of large messages....

The middlewares are internally quite decoupled, but then configured with defaults that make some of them rely on others. Add:

- [x] Add [`Dream.form`](https://aantron.github.io/dream/#val-form), [`Dream.multipart`](https://aantron.github.io/dream/#val-multipart) `~csrf:false` or `~csrf:my_function` for no...

Would solve the underlying issues of #55, but might be major work. cc @tmattio

🤷‍♀️ upstream

@dinosaure, what would a person new to Mirage (such as myself) do to run the Mirage example locally? Ideally, the basic Mirage example would show such instructions. It can have...