- Support x-forwarded-for in Plug.RewriteOn
- Support MFArgs in Plug.RewriteOn
- Add immutable directive to versioned requests in
Plug.Static - Support disabling MIME type handling in
Plug.Static
- Fix bug with discarded connection state in
Plug.Debugger - Parse media types with underscores in them
- Do not crash on
max_ageset to nil (for consistency)
- Allow setting the port on the connection in tests
- Allow returning
{:ok, payload}on inform - Allow custom exceptions in
validate_utf8option - Allow skipping sent body on chunked replies
- Add
:assign_asoption toPlug.RequestId - Improve performance of
Plug.RequestId - Avoid clashes between Plug nodes
- Add specs to
Plug.BasicAuth - Fix a bug with non-string
_methodbody parameters inPlug.MethodOverride
- Relax requirement on
plug_crypto
- Add
Plug.Conn.get_session/3for default value - Allow
Plug.SSL.configure/1to accept all :ssl options - Optimize query decoding by 15% to 45% - this removes the previously deprecated
:limitMFA and:include_unnamed_parts_atfrom MULTIPART. This may be backwards incompatible for applications that were relying on ambiguous arguments, such asuser[][key]=1&user[][key]=2, which has unspecified parsing behaviour
- Properly deprecate
Plug.Adapters.Cowboybefore removal
- Add
nest_all_jsonoption to JSON parser - Make action on Plug.Debugger page look like a button
- Better formatting of exceptions on the error page
- Provide stronger response header validation
Require Elixir v1.10+.
- Add
Plug.Conn.prepend_req_headers/2andPlug.Conn.merge_req_headers/2 - Support adapter upgrades with
Plug.Conn.upgrade_adapter/3 - Add "Copy to Markdown" button in exception page
- Support exclusive use of tlsv1.3
- Make sure last parameter works within maps
- Deprecate server pushes as they are no longer supported by browsers
- Fix compile-time dependencies in Plug.Builder
- Support
:viainPlug.Router.forward/2
- Fix compile-time deps in Plug.Builder
- Do not require routes to be compile-time binaries in
Plug.Router.forward/2
- Improve deprecation warnings
- [Plug.Builder] Introduce
:copy_opts_to_assigninstead ofbuilder_opts/0 - [Plug.Router] Do not introduce compile-time dependencies in
Plug.Router
- [Plug.Router] Properly fix regression on Plug.Router helper function accidentally renamed
- [Plug.Router] Fix regression on Plug.Router helper function accidentally renamed
- [Plug.Builder] Do not add compile-time deps to literal options in function plugs
- [Plug.Parsers.MULTIPART] Allow custom conversion of multipart to parameters
- [Plug.Router] Allow suffix matches in the router (such as
/feeds/:name.atom) - [Plug.Session] Allow a list of
:rotating_optionsfor rotating session cookies - [Plug.Static] Allow a list of
:encodingsto be given for handling static assets - [Plug.Test] Raise an error when providing path not starting with "/"
- [Plug.Upload] Normalize paths coming from environment variables
- [Plug.Router] Mixing prefix matches with globs is deprecated
- [Plug.Parsers.MULTIPART] Deprecate
:include_unnamed_parts_at
- [Plug] Make sure module plugs are compile time dependencies if init mode is compile-time
- [Plug] Accept mime v2.0
- [Plug] Accept telemetry v1.0
- [Plug.Conn] Improve performance of UTF-8 validation
- [Plug.Conn.Adapter] Add API for creating a connection
- [Plug.Static] Allow MFA in
:from
- [Plug.Upload] Allow transfer of ownership in Plug.Upload
- [Plug.Debugger] Drop CSP Header when showing error via Plug.Debugger
- [Plug.Test] Populate
query_paramsfromPlug.Test.conn/3
- [Plug.RewriteOn] Add a new public to handle
x-forwardedheaders - [Plug.Router] Add macro for
headrequests
- [Plug.CSRFProtection] Do not crash if request body params are not available
- [Plug.Conn.Query] Conform
www-url-encodedparsing to whatwg spec
- [Plug.Parsers.MULTIPART] Deprecate passing MFA to MULTIPART in favor of a more composable approach
- [Plug.Conn] Automatically set secure when deleting cookies to fix compatibility with SameSite
- [Plug.SSL] Allow host exclusion to be checked dynamically
- [Plug.Router] Fix router telemetry event to follow Telemetry specification. This corrects the telemetry event added on v1.10.1.
- [Plug] Make
:telemetrya required dependency - [Plug.Test] Populate
:query_stringwhen params are passed in
- [Plug] Add
Plug.run/3for running multiple Plugs at runtime - [Plug] Add
Plug.forward/4for forwarding between Plugs
- [Plug.Conn] Add option to disable uft-8 validation on query strings
- [Plug.Conn] Support
:same_siteoption when writing cookies - [Plug.Router] Add router dispatch telemetry events
- [Plug.SSL] Support
:x_forwarded_hostand:x_forwarded_porton:rewrite_on
- [Plug.Test] Ensure parameters are converted to string keys
- [Plug.BasicAuth] Add
Plug.BasicAuth - [Plug.Conn] Add built-in support for signed and encrypted cookies
- [Plug.Exception] Allow to use atoms as statuses in the
plug_statusfield for exceptions
- [Plug.Router] Handle malformed URI as bad requests
- [Plug.Conn.Cookies] Make
decodesplit on;only, remove$-prefix condition - [Plug.CSRFProtection] Generate url safe CSRF masks
- [Plug.Parsers] Treat invalid content-types as parsing errors unless
:passis given - [Plug.Parsers] Ensure parameters are merged when falling back to
:passclause - [Plug.Parsers] Use HTTP status code 414 when query string is too long
- [Plug.SSL] Rewrite port when rewriting a request coming to a standard port
- [Plug] Make Plug fully compatible with new Elixir child specs
- [Plug.Exception] Add actions to exceptions that implement
Plug.Exceptionand render actions inPlug.Debuggererror page - [Plug.Parsers] Add option to skip utf8 validation
- [Plug.Parsers] Make multipart support MFA for
:lengthlimit - [Plug.Static] Accept MFA for
:headeroption
- When implementing the
Plug.Exceptionprotocol, if the newactionsfunction is not implemented, a warning will printed during compilation.
- [Plug.Builder] Ensure init_mode option is respected within the Plug.Builder DSL itself
- [Plug.Session] Fix dropping session with custom max_age
- [Plug.CSRFProtection] Increase entropy and ensure forwards compatibility with future URL-safe CSRF tokens
- [Plug.CSRFProtection] Allow state to be dumped from the session and provide an API to validate both state and tokens
- [Plug.Session.Store] Add
get/1to retrieve the store from a module/atom - [Plug.Static] Support Nginx range requests
- [Plug.Telemetry] Allow extra options in
Plug.Telemetrymetadata
- [Plug.Conn] Add
get_session/1for retrieving the whole session - [Plug.CSRFProtection] Add
Plug.CSRFPRotection.load_state/2andPlug.CSRFPRotection.dump_state/0to allow tokens to be generated in other processes - [Plug.Parsers] Allow unnamed parts in multipart parser via
:include_unnamed_parts_at - [Plug.Router] Wrap router dispatch in a connection checkpoint to avoid losing information attached to the connection in error cases
- [Plug.Telemetry] Add
Plug.Telemetryto facilitate with telemetry integration
- [Plug.Conn.Status] Use IANA registered status code for HTTP 425
- [Plug.RequestID] Reduce RequestID size by relying on base64 encoding
- [Plug.Static] Ensure etags are quoted correctly
- [Plug.Static] Ensure vary header is set in 304 response
- [Plug.Static] Omit content-encoding header in 304 responses
- [Plug.Parser.MULTIPART] Support UTF-8 filename encoding in multipart parser
- [Plug.Router] Add
builder_optssupport to:dispatchplug - [Plug.SSL] Do not disable client renegotiation
- [Plug.Upload] Raise when we can't write to disk during upload
- [Plug.Adapters.Cowboy] Less verbose output when plug_cowboy is missing
- [Plug.Adapters.Cowboy2] Less verbose output when plug_cowboy is missing
- [Plug] Require Elixir v1.4+
- [Plug.Session] Support MFAs for cookie session secrets
- [Plug.Test] Add
put_peer_data - [Plug.Adapters.Cowboy] Extract into plug_cowboy
- [Plug.Adapters.Cowboy2] Extract into plug_cowboy
- [Plug.SSL] Don't redirect excluded hosts on Plug.SSL
- [Plug] Applications may need to add
:plug_cowboyto your deps to use this version