All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- None.
- None.
- None.
- None
- cors: Only send a single origin in
Access-Control-Allow-Origin
header when a list of allowed origins is configured (the previous behavior of sending a comma-separated list like for allowed methods and allowed headers is not allowed by any standard)
- fs: Add
ServeDir::{fallback, not_found_service}
for calling another service if the file cannot be found (#243) - fs: Add
SetStatus
to override status codes (#248) ServeDir
andServeFile
now respond with405 Method Not Allowed
to requests where the method isn'tGET
orHEAD
(#249)- cors: Added
CorsLayer::very_permissive
which is likeCorsLayer::permissive
except it (truly) allows credentials. This is made possible by mirroring the request's origin as well as method and headers back as CORS-whitelisted ones (#237) - cors: Allow customizing the value(s) for the
Vary
header (#237)
- cors: Removed
allow-credentials: true
fromCorsLayer::permissive
. It never actually took effect in compliant browsers because it is mutually exclusive with the*
wildcard (Any
) on origins, methods and headers (#237) - cors: Rewrote the CORS middleware. Almost all existing usage patterns will continue to work. (BREAKING) (#237)
- cors: The CORS middleware will now panic if you try to use
Any
in combination with.allow_credentials(true)
. This configuration worked before, but resulted in browsers ignoring theallow-credentials
header, which defeats the purpose of setting it and can be very annoying to debug (#237)
- fs: Fix content-length calculation on range requests (#228)
- Added
CatchPanic
middleware which catches panics and converts them into500 Internal Server
responses (#214)
- Make parsing of
Accept-Encoding
more robust (#220)
- Update to tokio-util 0.7 (#221)
- The CORS layer / service methods
allow_headers
,allow_methods
,allow_origin
andexpose_headers
now do nothing if given an emptyVec
, instead of sending the respective header with an empty value (#218)
- Add
Vary
headers for CORS preflight responses (#216)
- Support
Last-Modified
(and friends) headers inServeDir
andServeFile
(#145) - Add
AsyncRequireAuthorization::layer
(#195)
- Fix build error for certain feature sets (#209)
Cors
: SetVary
header (#199)ServeDir
andServeFile
: Fix potential directory traversal attack due to improper path validation on Windows (#204)
- builder: Add
ServiceBuilderExt
which adds methods totower::ServiceBuilder
for adding middleware from tower-http (#106) - request_id: Add
SetRequestId
andPropagateRequestId
middleware (#150) - trace: Add
DefaultMakeSpan::level
to make log level of tracing spans easily configurable (#124) - trace: Add
LatencyUnit::Seconds
for formatting latencies as seconds (#179) - trace: Support customizing which status codes are considered failures by
GrpcErrorsAsFailures
(#189) - compression: Support specifying predicates to choose when responses should
be compressed. This can be used to disable compression of small responses,
responses with a certain
content-type
, or something user defined (#172) - fs: Ability to serve precompressed files (#156)
- fs: Support
Range
requests (#173) - fs: Properly support HEAD requests which return no body and have the
Content-Length
header set (#169)
AddAuthorization
,InFlightRequests
,SetRequestHeader
,SetResponseHeader
,AddExtension
,MapRequestBody
andMapResponseBody
now requires underlying service to usehttp::Request<ReqBody>
andhttp::Response<ResBody>
as request and responses (#182) (BREAKING)- set_header: Remove unnecessary generic parameter from
SetRequestHeaderLayer
andSetResponseHeaderLayer
. This removes the need (and possibility) to specify a body type for these layers (#148) (BREAKING) - compression, decompression: Change the response body error type to
Box<dyn std::error::Error + Send + Sync>
. This makes them usable if the body they're wrapping usesBox<dyn std::error::Error + Send + Sync>
as its error type which they previously weren't (#166) (BREAKING) - fs: Change response body type of
ServeDir
andServeFile
toServeFileSystemResponseBody
andServeFileSystemResponseFuture
(#187) (BREAKING) - auth: Change
AuthorizeRequest
andAsyncAuthorizeRequest
traits to be simpler (#192) (BREAKING)
- compression, decompression: Remove
BodyOrIoError
. Its been replaced withBox<dyn std::error::Error + Send + Sync>
(#166) (BREAKING) - compression, decompression: Remove the
compression
anddecompression
feature. They were unnecessary andcompression-full
/decompression-full
can be used to get full compression/decompression support. For more granular control,[compression|decompression]-gzip
,[compression|decompression]-br
and[compression|decompression]-deflate
may be used instead (#170) (BREAKING)
- New middleware: Add
Cors
for setting CORS headers (#112) - New middleware: Add
AsyncRequireAuthorization
(#118) Compression
: Don't recompress HTTP responses (#140)Compression
andDecompression
: Pass configuration from layer into middleware (#132)ServeDir
andServeFile
: Improve performance (#137)Compression
: Remove needlessResBody::Error: Into<BoxError>
bounds (#117)ServeDir
: Percent decode path segments (#129)ServeDir
: Use correct redirection status (#130)ServeDir
: Return404 Not Found
on requests to directories ifappend_index_html_on_directories
is set tofalse
(#122)
- Add example of using
SharedClassifier
. - Add
StatusInRangeAsFailures
which is a response classifier that considers responses with status code in a certain range as failures. Useful for HTTP clients where both server errors (5xx) and client errors (4xx) are considered failures. - Implement
Debug
forNeverClassifyEos
. - Update iri-string to 0.4.
- Add
ClassifyResponse::map_failure_class
andClassifyEos::map_failure_class
for transforming the failure classification using a function. - Clarify exactly when each
Trace
callback is called. - Add
AddAuthorizationLayer
for setting theAuthorization
header on requests.
- Initial release.