mirrors/actix-web
1
0
Fork 0
mirror of https://github.com/actix/actix-web.git synced 2024-06-02 13:29:24 +00:00
Code Issues Projects Releases Wiki Activity
actix-web/CHANGES.md
pando85 4fc99d4a6f
Fix audit issue logging by default peer address (#1485) 
* Fix audit issue logging by default peer address

By default log format include remote address that is taken from headers.
This is very easy to replace making log untrusted.

Changing default log format value `%a` to peer address we are getting
this trusted data always. Also, remote address option is maintianed and
relegated to `%{r}a` value.

Related  kanidm/kanidm#191.

* Rename peer/remote to remote_addr/realip_remote_addr

Change names to avoid naming confusions. I choose this accord to Nginx
variables and
[ngx_http_realip_module](https://nginx.org/en/docs/http/ngx_http_realip_module.html).

Add more specific documentation about security concerns of using Real IP
in logger.

* Rename security advertise header in doc

* Add fix audit issue logging by default peer adress to changelog

Co-authored-by: Rob Ede <robjtede@icloud.com>
2020-05-15 09:07:27 +09:00

9.2 KiB
Raw Blame History

Changes

[Unreleased]

Changed

  • Resources and Scopes can now access non-overridden data types set on App (or containing scopes) when setting their own data. #1486

  • Fix audit issue logging by default peer address #1485

  • Bump minimum supported Rust version to 1.40

[3.0.0-alpha.2] - 2020-05-08

Changed

  • {Resource,Scope}::default_service(f) handlers now support app data extraction. #1452
  • Implement std::error::Error for our custom errors #1422
  • NormalizePath middleware now appends trailing / so that routes of form /example/ respond to /example requests. #1433
  • Remove the failure feature and support.

[3.0.0-alpha.1] - 2020-03-11

Added

  • Add helper function for creating routes with TRACE method guard web::trace()
  • Add convenience functions test::read_body_json() and test::TestRequest::send_request() for testing.

Changed

  • Use sha-1 crate instead of unmaintained sha1 crate
  • Skip empty chunks when returning response from a Stream #1308
  • Update the time dependency to 0.2.7
  • Update actix-tls dependency to 2.0.0-alpha.1
  • Update rustls dependency to 0.17

[2.0.0] - 2019-12-25

Changed

  • Rename HttpServer::start() to HttpServer::run()

  • Allow to gracefully stop test server via TestServer::stop()

  • Allow to specify multi-patterns for resources

[2.0.0-rc] - 2019-12-20

Changed

  • Move BodyEncoding to dev module #1220

  • Allow to set peer_addr for TestRequest #1074

  • Make web::Data deref to Arc #1214

  • Rename App::register_data() to App::app_data()

  • HttpRequest::app_data<T>() returns Option<&T> instead of Option<&Data<T>>

Fixed

  • Fix AppConfig::secure() is always false. #1202

[2.0.0-alpha.6] - 2019-12-15

Fixed

  • Fixed compilation with default features off

[2.0.0-alpha.5] - 2019-12-13

Added

  • Add test server, test::start() and test::start_with()

[2.0.0-alpha.4] - 2019-12-08

Deleted

  • Delete HttpServer::run(), it is not useful witht async/await

[2.0.0-alpha.3] - 2019-12-07

Changed

  • Migrate to tokio 0.2

[2.0.0-alpha.1] - 2019-11-22

Changed

  • Migrated to std::future

  • Remove implementation of Responder for (). (#1167)

[1.0.9] - 2019-11-14

Added

  • Add Payload::into_inner method and make stored def::Payload public. (#1110)

Changed

  • Support Host guards when the Host header is unset (e.g. HTTP/2 requests) (#1129)

[1.0.8] - 2019-09-25

Added

  • Add Scope::register_data and Resource::register_data methods, parallel to App::register_data.

  • Add middleware::Condition that conditionally enables another middleware

  • Allow to re-construct ServiceRequest from HttpRequest and Payload

  • Add HttpServer::listen_uds for ability to listen on UDS FD rather than path, which is useful for example with systemd.

Changed

  • Make UrlEncodedError::Overflow more informativve

  • Use actix-testing for testing utils

[1.0.7] - 2019-08-29

Fixed

  • Request Extensions leak #1062

[1.0.6] - 2019-08-28

Added

  • Re-implement Host predicate (#989)

  • Form immplements Responder, returning a application/x-www-form-urlencoded response

  • Add into_inner to Data

  • Add test::TestRequest::set_form() convenience method to automatically serialize data and set the header in test requests.

Changed

  • Query payload made pub. Allows user to pattern-match the payload.

  • Enable rust-tls feature for client #1045

  • Update serde_urlencoded to 0.6.1

  • Update url to 2.1

[1.0.5] - 2019-07-18

Added

  • Unix domain sockets (HttpServer::bind_uds) #92

  • Actix now logs errors resulting in "internal server error" responses always, with the error logging level

Fixed

  • Restored logging of errors through the Logger middleware

[1.0.4] - 2019-07-17

Added

  • Add Responder impl for (T, StatusCode) where T: Responder

  • Allow to access app's resource map via ServiceRequest::resource_map() and HttpRequest::resource_map() methods.

Changed

  • Upgrade rand dependency version to 0.7

[1.0.3] - 2019-06-28

Added

  • Support asynchronous data factories #850

Changed

  • Use encoding_rs crate instead of unmaintained encoding crate

[1.0.2] - 2019-06-17

Changed

  • Move cors middleware to actix-cors crate.

  • Move identity middleware to actix-identity crate.

[1.0.1] - 2019-06-17

Added

  • Add support for PathConfig #903

  • Add middleware::identity::RequestIdentity trait to get_identity from HttpMessage.

Changed

  • Move cors middleware to actix-cors crate.

  • Move identity middleware to actix-identity crate.

  • Disable default feature secure-cookies.

  • Allow to test an app that uses async actors #897

  • Re-apply patch from #637 #894

Fixed

  • HttpRequest::url_for is broken with nested scopes #915

[1.0.0] - 2019-06-05

Added

  • Add Scope::configure() method.

  • Add ServiceRequest::set_payload() method.

  • Add test::TestRequest::set_json() convenience method to automatically serialize data and set header in test requests.

  • Add macros for head, options, trace, connect and patch http methods

Changed

  • Drop an unnecessary Option<_> indirection around ServerBuilder from HttpServer. #863

Fixed

  • Fix Logger request time format, and use rfc3339. #867

  • Clear http requests pool on app service drop #860

[1.0.0-rc] - 2019-05-18

Add

  • Add Query<T>::from_query() to extract parameters from a query string. #846
  • QueryConfig, similar to JsonConfig for customizing error handling of query extractors.

Changed

  • JsonConfig is now Send + Sync, this implies that error_handler must be Send + Sync too.

Fixed

  • Codegen with parameters in the path only resolves the first registered endpoint #841

[1.0.0-beta.4] - 2019-05-12

Add

  • Allow to set/override app data on scope level

Changed

  • App::configure take an FnOnce instead of Fn
  • Upgrade actix-net crates

[1.0.0-beta.3] - 2019-05-04

Added

  • Add helper function for executing futures test::block_fn()

Changed

  • Extractor configuration could be registered with App::data() or with Resource::data() #775

  • Route data is unified with app data, Route::data() moved to resource level to Resource::data()

  • CORS handling without headers #702

  • Allow to construct Data instances to avoid double Arc for Send + Sync types.

Fixed

  • Fix NormalizePath middleware impl #806

Deleted

  • App::data_factory() is deleted.

[1.0.0-beta.2] - 2019-04-24

Added

  • Add raw services support via web::service()

  • Add helper functions for reading response body test::read_body()

  • Add support for remainder match (i.e "/path/{tail}*")

  • Extend Responder trait, allow to override status code and headers.

  • Store visit and login timestamp in the identity cookie #502

Changed

  • .to_async() handler can return Responder type #792

Fixed

  • Fix async web::Data factory handling

[1.0.0-beta.1] - 2019-04-20

Added

  • Add helper functions for reading test response body, test::read_response() and test::read_response_json()`

  • Add .peer_addr() #744

  • Add NormalizePath middleware

Changed

  • Rename RouterConfig to ServiceConfig

  • Rename test::call_success to test::call_service

  • Removed ServiceRequest::from_parts() as it is unsafe to create from parts.

  • CookieIdentityPolicy::max_age() accepts value in seconds

Fixed

  • Fixed TestRequest::app_data()

[1.0.0-alpha.6] - 2019-04-14

Changed

  • Allow to use any service as default service.

  • Remove generic type for request payload, always use default.

  • Removed Decompress middleware. Bytes, String, Json, Form extractors automatically decompress payload.

  • Make extractor config type explicit. Add FromRequest::Config associated type.

[1.0.0-alpha.5] - 2019-04-12

Added

  • Added async io TestBuffer for testing.

Deleted

  • Removed native-tls support

[1.0.0-alpha.4] - 2019-04-08

Added

  • App::configure() allow to offload app configuration to different methods

  • Added URLPath option for logger

  • Added ServiceRequest::app_data(), returns Data<T>

  • Added ServiceFromRequest::app_data(), returns Data<T>

Changed

  • FromRequest trait refactoring

  • Move multipart support to actix-multipart crate

Fixed

  • Fix body propagation in Response::from_error. #760

[1.0.0-alpha.3] - 2019-04-02

Changed

  • Renamed TestRequest::to_service() to TestRequest::to_srv_request()

  • Renamed TestRequest::to_response() to TestRequest::to_srv_response()

  • Removed Deref impls

Removed

  • Removed unused actix_web::web::md()

[1.0.0-alpha.2] - 2019-03-29

Added

  • rustls support

Changed

  • use forked cookie

  • multipart::Field renamed to MultipartField

[1.0.0-alpha.1] - 2019-03-28

Changed

  • Complete architecture re-design.

  • Return 405 response if no matching route found within resource #538