servant/servant-auth/servant-auth-server/CHANGELOG.md

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [PVP Versioning](https://pvp.haskell.org/).

## [Unreleased]

## [0.4.6.0] - 2020-10-06

## Changed

- expose verifyJWT and use it in two places [@domenkozar]
- support GHC 8.10 [@domenkozar]
- move ToJWT/FromJWT to servant-auth [@erewok]
- #165 fix AnySite with Cookie 3.5.0 [@odr]

## [0.4.5.1] - 2020-02-06

## Changed

- #158 servant 0.17 support [@phadej]

## [0.4.5.0] - 2019-12-28

## Changed
- #144 servant 0.16 support and drop GHC 7.10 support [@domenkozar]
- #148 removed unused constaint in HasServer instance for Auth 
- #154 GHC 8.8 support [@phadej]

### Added
- #141 Support Stream combinator [@domenkozar]
- #143 Allow servant-0.16 [@phadej]

## [0.4.4.0] - 2019-03-02

### Added
- #141 Support Stream combinator [@domenkozar]
- #143 Allow servant-0.16 [@phadej]

## [0.4.3.0] - 2019-01-17

## Changed
- #117 Avoid running auth checks unnecessarily [@sopvop]
- #110 Get rid of crypto-api dependency [@domenkozar]
- #130 clearSession: improve cross-browser compatibility [@domenkozar]
- #136 weed out bytestring-conversion [@stephenirl]

## [0.4.2.0] - 2018-11-05

### Added
- `Headers hs a` instance for AddSetCookieApi [@domenkozar]
- GHC 8.6.x support [@domenkozar]

## [0.4.1.0] - 2018-10-05

### Added
- #125 Allow setting domain name for a cookie [@domenkozar]

## Changed
- bump http-api-data to 0.3.10 that includes Cookie orphan instances previously located in servant-auth-server [@phadej]
- #114 Export `HasSecurity` typeclass [@rockbmb]

## [0.4.0.1] - 2018-09-23

### Security
- #123 Session cookie did not apply SameSite attribute [@domenkozar]

### Added
- #112 HasLink instance for Auth combinator [@adetokunbo]
- #111 Documentation for using hoistServer [@mschristiansen]
- #107 Add utility functions for reading and writing a key to a file [@mschristiansen]

## [0.4.0.0] - 2018-06-17

### Added
- Support GHC 8.4 by @phadej and @domenkozar
- Support for servant-0.14 by @phadej
- #96 Support for jose-0.7 by @xaviershay
- #92 add `clearSession` for logout by @plredmond and @3noch
- #95 makeJWT: allow setting Alg via defaultJWTSettings by @domenkozar
- #89 Validate JWT against a JWKSet instead of JWK by @sopvop

### Changed
- #92 Rename CSRF to XSRF by @plredmond and @3noch
- #92 extract 'XsrfCookieSettings' from 'CookieSettings' and make XSRF checking optional
  by @plredmond and @3noch
- #69 export SameSite by @domenkozar
- #102 Reuse Servant.Api.IsSecure instead of duplicating ADT by @domenkozar

### Deprecated
- #92 Renamed 'makeCsrfCookie' to 'makeXsrfCookie' and marked the former as deprecated
  by @plredmond and @3noc
- #92 Made several changes to the structure of 'CookieSettings' which will require
  attention by users who have modified the XSRF settings by @plredmond and @3noch

### Security
- #94 Force cookie expiration on serverside by @karshan

## [0.3.2.0] - 2018-02-21

### Added
- #76 Export wwwAuthenticatedErr and elaborate its annotation by @defanor
- Support for servant-0.14 by @phadej

### Changed
- Disable the readme executable for ghcjs builds by @hamishmack
- #84 Make AddSetCookieApi type family open by @qnikst
- #79 Make CSRF checks optional for GET requests by @harendra-kumar

## [0.3.1.0] - 2017-11-08

### Added
- Support for servant-0.12 by @phadej

## [0.3.0.0] - 2017-11-07

### Changed
- #47 'cookiePath' and 'xsrfCookiePath' added to 'CookieSettings' by @mchaver

## [0.2.8.0] - 2017-05-26

### Added
- #45 Support for servant-0.11 by @phadej

## [0.2.7.0] - 2017-02-11

### Changed
- #27 #41 'acceptLogin' and 'makeCsrfCookie' functions by @bts
repatriation of servant-auth in the main servant repo 2021-10-26 16:08:30 +02:00			`# Changelog`

			`All notable changes to this project will be documented in this file.`

			`The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)`
			`and this project adheres to [PVP Versioning](https://pvp.haskell.org/).`

			`## [Unreleased]`

			`## [0.4.6.0] - 2020-10-06`

			`## Changed`

			`- expose verifyJWT and use it in two places [@domenkozar]`
			`- support GHC 8.10 [@domenkozar]`
			`- move ToJWT/FromJWT to servant-auth [@erewok]`
			`- #165 fix AnySite with Cookie 3.5.0 [@odr]`

			`## [0.4.5.1] - 2020-02-06`

			`## Changed`

			`- #158 servant 0.17 support [@phadej]`

			`## [0.4.5.0] - 2019-12-28`

			`## Changed`
			`- #144 servant 0.16 support and drop GHC 7.10 support [@domenkozar]`
			`- #148 removed unused constaint in HasServer instance for Auth`
			`- #154 GHC 8.8 support [@phadej]`

			`### Added`
			`- #141 Support Stream combinator [@domenkozar]`
			`- #143 Allow servant-0.16 [@phadej]`

			`## [0.4.4.0] - 2019-03-02`

			`### Added`
			`- #141 Support Stream combinator [@domenkozar]`
			`- #143 Allow servant-0.16 [@phadej]`

			`## [0.4.3.0] - 2019-01-17`

			`## Changed`
			`- #117 Avoid running auth checks unnecessarily [@sopvop]`
			`- #110 Get rid of crypto-api dependency [@domenkozar]`
			`- #130 clearSession: improve cross-browser compatibility [@domenkozar]`
			`- #136 weed out bytestring-conversion [@stephenirl]`

			`## [0.4.2.0] - 2018-11-05`

			`### Added`
			- `Headers hs a` instance for AddSetCookieApi [@domenkozar]
			`- GHC 8.6.x support [@domenkozar]`

			`## [0.4.1.0] - 2018-10-05`

			`### Added`
			`- #125 Allow setting domain name for a cookie [@domenkozar]`

			`## Changed`
			`- bump http-api-data to 0.3.10 that includes Cookie orphan instances previously located in servant-auth-server [@phadej]`
			- #114 Export `HasSecurity` typeclass [@rockbmb]

			`## [0.4.0.1] - 2018-09-23`

			`### Security`
			`- #123 Session cookie did not apply SameSite attribute [@domenkozar]`

			`### Added`
			`- #112 HasLink instance for Auth combinator [@adetokunbo]`
			`- #111 Documentation for using hoistServer [@mschristiansen]`
			`- #107 Add utility functions for reading and writing a key to a file [@mschristiansen]`

			`## [0.4.0.0] - 2018-06-17`

			`### Added`
			`- Support GHC 8.4 by @phadej and @domenkozar`
			`- Support for servant-0.14 by @phadej`
			`- #96 Support for jose-0.7 by @xaviershay`
			- #92 add `clearSession` for logout by @plredmond and @3noch
			`- #95 makeJWT: allow setting Alg via defaultJWTSettings by @domenkozar`
			`- #89 Validate JWT against a JWKSet instead of JWK by @sopvop`

			`### Changed`
			`- #92 Rename CSRF to XSRF by @plredmond and @3noch`
			`- #92 extract 'XsrfCookieSettings' from 'CookieSettings' and make XSRF checking optional`
			`by @plredmond and @3noch`
			`- #69 export SameSite by @domenkozar`
			`- #102 Reuse Servant.Api.IsSecure instead of duplicating ADT by @domenkozar`

			`### Deprecated`
			`- #92 Renamed 'makeCsrfCookie' to 'makeXsrfCookie' and marked the former as deprecated`
			`by @plredmond and @3noc`
			`- #92 Made several changes to the structure of 'CookieSettings' which will require`
			`attention by users who have modified the XSRF settings by @plredmond and @3noch`

			`### Security`
			`- #94 Force cookie expiration on serverside by @karshan`

			`## [0.3.2.0] - 2018-02-21`

			`### Added`
			`- #76 Export wwwAuthenticatedErr and elaborate its annotation by @defanor`
			`- Support for servant-0.14 by @phadej`

			`### Changed`
			`- Disable the readme executable for ghcjs builds by @hamishmack`
			`- #84 Make AddSetCookieApi type family open by @qnikst`
			`- #79 Make CSRF checks optional for GET requests by @harendra-kumar`

			`## [0.3.1.0] - 2017-11-08`

			`### Added`
			`- Support for servant-0.12 by @phadej`

			`## [0.3.0.0] - 2017-11-07`

			`### Changed`
			`- #47 'cookiePath' and 'xsrfCookiePath' added to 'CookieSettings' by @mchaver`

			`## [0.2.8.0] - 2017-05-26`

			`### Added`
			`- #45 Support for servant-0.11 by @phadej`

			`## [0.2.7.0] - 2017-02-11`

			`### Changed`
			`- #27 #41 'acceptLogin' and 'makeCsrfCookie' functions by @bts`