-
Bug fixes
- Fix
:onlyand:only_matchingwhich were not bypassing requests unless both were enabled
- Fix
-
Enhancements
- Support reading of
conn.hostinPlug.Test - Add normalization of
:dhfilefor Cowboy's SSL options - Import error reporting and performance of
Plug.Static
- Support reading of
-
Enhancements
- Add
:only_matchingoption toPlug.Static
- Add
-
Bug fixes
- Return 400 from
Plug.Staticon invalid paths - Ensure
Plug.Uploaddoes not error out on invalid access - Ensure query string errors return 400
- Return 400 from
-
Enhancements
- Raise on cookie overflow
- Log (with :debug level) when session cookie cannot be decoded
-
Bug fixes
- Ensure Plug.Parsers fail with request too large even when read_length > length
-
Enhancements
- Add
:brotlitoPlug.Static
- Add
-
Bug fixes
- Fixed session verification when token may have the
--separator
- Fixed session verification when token may have the
- Enhancements
- Only log errors if the exception has 5xx status code
- Warn when rendering non 5xx status code in Plug.Debugger
- Use URL safe variant on crypto (old tokens are still valid but new ones will be generated)
- Allow custom content-type when passing a map body in
Plug.Test
-
Enhancements
- Raise if new lines are used in header values
-
Bug fix
- Allow mime type lookup of uppercase extensions
- Do not validate uppercase headers in production to avoid performance hits
- Prevent Plug.Parsers from clobbering existing conn.params when part of it is unfetched
- Bug fix
- Ensure cookie store returns a Session ID so they can be dropped
- Enhancements
- Allow configuring all options supported by the underlying transport (i.e. cowboy)
-
Enhancements
- Allow custom headers in
Plug.Static
- Allow custom headers in
-
Bug fix
- No longer automatically assume "priv" for cert and key files for Cowboy SSL
- Raise if response has been sent more than once in test connection
- Raise when body is nil on
Plug.Conn.resp/3 - Show more info and escape messages in
Plug.Debugger
-
Enhancements
- Support
:rewrite_ononPlug.SSL - Add
Plug.Conn.merge_resp_headers/2
- Support
-
Bug fix
- Ensure message encryptor and verifier do not error on bad data
-
Enhancements
- Add
conn.request_path - Raise if
put_session/3is invoked when response is sent
- Add
-
Bug fixes
- Fix empty params being encoded into query string as '&'
-
Deprecations
Plug.Conn.full_path/2is deprecated in favor ofconn.request_pathPlug.Test.put_req_header/3andPlug.Test.delete_req_header/3is deprecated in favor of similarly named functions inPlug.Conn
-
Enhancements
- Raise if a header in upcase is given
- Store timestamps in sessions ETS table and document each entry format
- Allow private options when specifying routes in
Plug.Router - Allow the session to be cleared and ignored when an invalid CSRF token is given
- Allow log level to be configured in
Plug.Logger - Generate masked CSRF tokens to avoid BREACH attacks
-
Backwards incompatible changes
Plug.Loggerno longer sets the request id. UsePlug.RequestIdinstead
-
Enhancements
- Add
Plug.HTML
- Add
-
Bug fixes
- Do not crash on poorly encoded cookies
- Decode parameters before matching on the router
-
Enhancements
- Add
Plug.SSLwith redirection from HTTP and HSTS support - Remove the need for
:encryptoption fromPlug.Session.COOKIE. The need for encryption can be fully specified by passing:encrypted_saltoption. This improvement is backwards compatible.
- Add
-
Bug fixes
- Ensure we don't parse body params if they were already parsed
-
Enhancements
- Add
query_paramsandbody_paramsto keep query and body parameters apart fromparams - Allow custom encoders when encoding query parameters
- Assert valid utf-8 on url encoded and multipart bodies
- Add
-
Bug fixes
- Use only body parameters when detecting method override
- Add Vary header when serving gzipped content in Plug.Static
-
Deprecations
fetch_params/2is deprecated in favor offetch_query_params/2
-
Bug fixes
- Ensure test adapter reuses the given connection
-
Deprecations
- The
:headersoption inPlug.Test.conn/4is deprecated in favor ofput_req_header/3
- The
-
Enhancements
- Add
:log_on_haltoption toPlug.BuilderandPlug.Router - Use raw files and delayed writes on upload
- Add
-
Bug fixes
- Do not read the whole request body at once
- Improve performance of url encoded params
-
Deprecations
Plug.Builder.compile/1andPlug.Builder.compile/2are deprecated in favor of explicitPlug.Builder.compile/3
-
Enhancements
- Allow Plug mimes to be configured via application environment
- Extend JSON parser to be compatible with all json compatible content types. This includes types with suffix
+json - Add
Plug.Conn.clear_session/1
-
Bug fixes
- Do not require cowboy at compile time
- Also parse request bodies on DELETE requests
-
Enhancements
- Add
Plug.Conn.async_assign/3andPlug.Conn.await_assign/3to start and await for assigns asynchronously, mimic'ingTask.async/1andTask.await/2behaviour - Add
Plug.Conn.WrapperErrorto propagate an error with the connection for better debugging by eitherPlug.DebuggerorPlug.ErrorHandler - Add
Plug.Conn.update_resp_header/4to update a response header or set its initial value if not present
- Add
-
Bug fixes
- Skip parsing of files when no filename is sent
- Fix how script_name are accumulated with multiple calls to
Plug.Router.forward/2
-
Backwards incompatible changes
Plug.CSRFProtectionnow uses a session to store tokens. Tokens are now generated on demand and can be accessed viaPlug.CSRFProtection.get_csrf_token/0
-
Enhancements
- Add
:onlyoption toPlug.Staticto avoid all requests triggering file system queries - Add ETag management to
Plug.Staticwhen requests to not contain a versioned query string - Enforce atom or string keys in
Plug.Conn.put_session/3and friends and normalize keys to strings
- Add
-
Bug fixes
- Add UTF-8 tag to debugger templates
-
Backwards incompatible changes
Plug.CSRFProtectionnow uses a cookie instead of session and expects a"_csrf_token"parameter instead of"csrf_token"
-
Enhancements
- Add
Plug.Conn.full_path/1 - Add
Plug.CSRFProtectionthat adds cross-forgery protection - Add
Plug.ErrorHandlerthat allows an error page to be sent on crashes (instead of a blank one) - Support host option in
Plug.Router
- Add
-
Backwards incompatible changes
- Add
Plug.Router.Utils.build_match/1was renamed tobuild_path_match/1
- Add
-
Bug fixes
- Clean up
{:plug_conn, :sent}messages from listener inbox and ensure connection works accross processes
- Clean up
-
Deprecations
- Deprecate
recycle/2in favor ofrecycle_cookiesin Plug.Test
- Deprecate
-
Enhancements
- Use PKCS7 padding in MessageEncryptor (the same as OpenSSL)
- Add support for custom serializers in cookie session store
- Allow customization of key generation in cookie session store
- Automatically import
Plug.Connin Plug builder - Render errors from Plug when using Ranch/Cowboy nicely
- Provide
Plug.Crypto.secure_compare/2for comparing binaries - Add
Plug.Debuggerfor helpful pages whenever there is a failure during a request
-
Deprecations
- Deprecate
:acceptin favor of:passin Plug.Parsers
- Deprecate
-
Enhancements
- Add
Plug.Conn.Utils.media_type/1to provide media type parsing with wildcard support - Do not print adapter data by default when inspecting the connection
- Allow plug_status to simplify the definition of plug aware exceptions
- Allow cache headers in
Plug.Staticto be turned off
- Add
-
Bug fix
- Support dots on header parameter parsing
-
Enhancements
- Add a
Plug.Parsers.JSONthat expects a JSON decoder as argument
- Add a
-
Bug fix
- Properly populate
paramsfield for test connections - Fix
Plug.Loggernot reporting the proper path
- Properly populate
-
Enhancements
- Add
fetch_session/2,fetch_params/2andfetch_cookies/2so they can be pluggable - Raise an error message on invalid router indentifiers
- Add
put_status/2and support atom status codes - Add
secret_key_basefield to the connection
- Add
-
Backwards incompatible changes
- Add
encryption_saltandsigning_saltto the CookieStore and derive actual keys fromsecret_key_base
- Add
-
Enhancements
- Support Elixir 1.0.0-rc1
- Support haltable pipelines with
Plug.Conn.halt/2 - Ensure both Plug.Builder and Plug.Router's
call/2are overridable
-
Bug fix
- Properly report times in Logger
-
Backwards incompatible changes
- Remove support for Plug wrappers
- Enhancements
- Add
Plug.Logger - Add
conn.peerandconn.remote_ip - Add
Plug.Conn.sendfile/5 - Allow
call/2fromPlug.Builderto be overridable
- Add
- Enhancements
- Update to Cowboy v1.0.0
- Update mime types list
- Update to Elixir v0.15.0
- Enhancements
- Update to Elixir v0.14.3
- Cowboy adapter now returns
{:error,:eaddrinuse}when port is already in use - Add
Plug.Test.recycle/2that copies relevant data between connections for future requests
-
Enhancements
- Add ability to configure when
Plug.ParsersraisesUnsupportedMediaTypeError - Add
Plug.Conn.Query.encode/1 - Add
CookieStorefor session
- Add ability to configure when
-
Bug fixes
- Ensure plug parses content-type with CRLF as LWS
-
Enhancements
- Update to Elixir v0.14.0
- Update Cowboy adapter to v0.10.0
- Add
Plug.Conn.read_body/2
-
Backwards incompatible changes
Plug.Parsersnow expect:lengthinstead of:limitand also accept:read_lengthand:read_timeout
- Enhancements
- Update to Elixir v0.13.3
- Enhancements
- Update to Elixir v0.13.2
- Enhancements
- Update to Elixir v0.13.1
- Enhancements
- Remove
:mimedependency in favor ofPlug.MIME - Improve errors when Cowboy is not available
- First hex package release
- Remove
-
Enhancements
- Support
before_send/1callbacks - Add
Plug.Static - Allow iodata as the body
- Do not allow response headers to be set if the response was already sent
- Add
Plug.Conn.privateto be used as storage by libraries/frameworks - Add
get_req_headerandget_resp_headerfor fetching request and response headers
- Support
-
Backwards incompatible changes
Plug.Connectionwas removed in favor ofPlug.ConnPlug.Connis now a struct- assigns, cookies, params and sessions have been converted to maps
- Definition of the Plug specification