dream-httpaf.opam

@@ -38,8 +38,10 @@ depends: [
   "digestif" {>= "0.7.2"}  # websocket/af, sha1, default implementation.
   "faraday" {>= "0.6.1"}
   "faraday-lwt-unix"
+  "ke" {>= "0.5"}  # Gluten.
   "lwt_ssl" {>= "1.2.0"}  # Gluten.
   "psq"  # h2.
+  "result"  # websocket/af.
 ]
 
 build: [

dream-mirage.opam

@@ -56,7 +56,6 @@ depends: [
   "dune" {>= "2.7.0"}
   "duration"
   "emile" {>= "1.1"}
-  "ke" {>= "0.4"}  # paf.
   "letsencrypt" {>= "0.3.0"}
   "lwt"
   "lwt_ppx" {>= "1.2.2"}

src/dream.mli

@@ -1000,8 +1000,6 @@ val form : ?csrf:bool -> request -> (string * string) list form_result promise
     The call must be done under a session middleware, since each CSRF token is
     scoped to a session. See {!section-sessions}.
 
-    CSRF token checking can be bypassed by passing [~csrf:false].
-
     The returned form fields are sorted in alphabetical order for reliable
     pattern matching. This is because browsers can transmit the form fields in a
     different order from how they appear in the HTML:

src/vendor/dune

@@ -9,6 +9,7 @@
   (libraries
    bigstringaf
    faraday
+   ke
   )))
 
 (subdir gluten/lwt
@@ -89,6 +90,7 @@
    faraday
    dream-httpaf.dream-gluten
    dream-httpaf.dream-httpaf_
+   result
   )))
 
 (subdir websocketaf/lwt
@@ -151,6 +153,7 @@
    dream-httpaf.dream-hpack
    dream-httpaf.dream-httpaf_
    psq
+   result
   )))
 
 (subdir h2/lwt

src/vendor/gluten

@@ -1 +1 @@
-Subproject commit 59e630be097c8c48c4bfaf3df28ca8f40d1a333f
+Subproject commit 22ccc110dbe469d38c1363124cf10afd7766aab7

src/vendor/h2

@@ -1 +1 @@
-Subproject commit 3ce5740ecf7c92c892d5d20684483935ebb5b2e8
+Subproject commit 68669ef33aa93ce37cd1ac39e82f918983c418d5

src/vendor/httpaf

@@ -1 +1 @@
-Subproject commit 94254931d6e9efd4d304683ba7d1d4e001a506c5
+Subproject commit e2d080035a837d345182e0a66f46def18ac7bcdb

src/vendor/websocketaf

@@ -1 +1 @@
-Subproject commit aacd79aafbb5b375b1514a76260adb48c1d70eb8
+Subproject commit 7530659c8a3fd1beed5197acde37dc7a20acd0af