All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- None.
- None.
- None.
- None
- cors: Only send a single origin in
Access-Control-Allow-Originheader when a list of allowed origins is configured (the previous behavior of sending a comma-separated list like for allowed methods and allowed headers is not allowed by any standard)
- fs: Add
ServeDir::{fallback, not_found_service}for calling another service if the file cannot be found (#243) - fs: Add
SetStatusto override status codes (#248) ServeDirandServeFilenow respond with405 Method Not Allowedto requests where the method isn'tGETorHEAD(#249)- cors: Added
CorsLayer::very_permissivewhich is likeCorsLayer::permissiveexcept it (truly) allows credentials. This is made possible by mirroring the request's origin as well as method and headers back as CORS-whitelisted ones (#237) - cors: Allow customizing the value(s) for the
Varyheader (#237)
- cors: Removed
allow-credentials: truefromCorsLayer::permissive. It never actually took effect in compliant browsers because it is mutually exclusive with the*wildcard (Any) on origins, methods and headers (#237) - cors: Rewrote the CORS middleware. Almost all existing usage patterns will continue to work. (BREAKING) (#237)
- cors: The CORS middleware will now panic if you try to use
Anyin combination with.allow_credentials(true). This configuration worked before, but resulted in browsers ignoring theallow-credentialsheader, which defeats the purpose of setting it and can be very annoying to debug (#237)
- fs: Fix content-length calculation on range requests (#228)
- Added
CatchPanicmiddleware which catches panics and converts them into500 Internal Serverresponses (#214)
- Make parsing of
Accept-Encodingmore robust (#220)
- Update to tokio-util 0.7 (#221)
- The CORS layer / service methods
allow_headers,allow_methods,allow_originandexpose_headersnow do nothing if given an emptyVec, instead of sending the respective header with an empty value (#218)
- Add
Varyheaders for CORS preflight responses (#216)
- Support
Last-Modified(and friends) headers inServeDirandServeFile(#145) - Add
AsyncRequireAuthorization::layer(#195)
- Fix build error for certain feature sets (#209)
Cors: SetVaryheader (#199)ServeDirandServeFile: Fix potential directory traversal attack due to improper path validation on Windows (#204)
- builder: Add
ServiceBuilderExtwhich adds methods totower::ServiceBuilderfor adding middleware from tower-http (#106) - request_id: Add
SetRequestIdandPropagateRequestIdmiddleware (#150) - trace: Add
DefaultMakeSpan::levelto make log level of tracing spans easily configurable (#124) - trace: Add
LatencyUnit::Secondsfor formatting latencies as seconds (#179) - trace: Support customizing which status codes are considered failures by
GrpcErrorsAsFailures(#189) - compression: Support specifying predicates to choose when responses should
be compressed. This can be used to disable compression of small responses,
responses with a certain
content-type, or something user defined (#172) - fs: Ability to serve precompressed files (#156)
- fs: Support
Rangerequests (#173) - fs: Properly support HEAD requests which return no body and have the
Content-Lengthheader set (#169)
AddAuthorization,InFlightRequests,SetRequestHeader,SetResponseHeader,AddExtension,MapRequestBodyandMapResponseBodynow requires underlying service to usehttp::Request<ReqBody>andhttp::Response<ResBody>as request and responses (#182) (BREAKING)- set_header: Remove unnecessary generic parameter from
SetRequestHeaderLayerandSetResponseHeaderLayer. This removes the need (and possibility) to specify a body type for these layers (#148) (BREAKING) - compression, decompression: Change the response body error type to
Box<dyn std::error::Error + Send + Sync>. This makes them usable if the body they're wrapping usesBox<dyn std::error::Error + Send + Sync>as its error type which they previously weren't (#166) (BREAKING) - fs: Change response body type of
ServeDirandServeFiletoServeFileSystemResponseBodyandServeFileSystemResponseFuture(#187) (BREAKING) - auth: Change
AuthorizeRequestandAsyncAuthorizeRequesttraits to be simpler (#192) (BREAKING)
- compression, decompression: Remove
BodyOrIoError. Its been replaced withBox<dyn std::error::Error + Send + Sync>(#166) (BREAKING) - compression, decompression: Remove the
compressionanddecompressionfeature. They were unnecessary andcompression-full/decompression-fullcan be used to get full compression/decompression support. For more granular control,[compression|decompression]-gzip,[compression|decompression]-brand[compression|decompression]-deflatemay be used instead (#170) (BREAKING)
- New middleware: Add
Corsfor setting CORS headers (#112) - New middleware: Add
AsyncRequireAuthorization(#118) Compression: Don't recompress HTTP responses (#140)CompressionandDecompression: Pass configuration from layer into middleware (#132)ServeDirandServeFile: Improve performance (#137)Compression: Remove needlessResBody::Error: Into<BoxError>bounds (#117)ServeDir: Percent decode path segments (#129)ServeDir: Use correct redirection status (#130)ServeDir: Return404 Not Foundon requests to directories ifappend_index_html_on_directoriesis set tofalse(#122)
- Add example of using
SharedClassifier. - Add
StatusInRangeAsFailureswhich is a response classifier that considers responses with status code in a certain range as failures. Useful for HTTP clients where both server errors (5xx) and client errors (4xx) are considered failures. - Implement
DebugforNeverClassifyEos. - Update iri-string to 0.4.
- Add
ClassifyResponse::map_failure_classandClassifyEos::map_failure_classfor transforming the failure classification using a function. - Clarify exactly when each
Tracecallback is called. - Add
AddAuthorizationLayerfor setting theAuthorizationheader on requests.
- Initial release.