* Fix audit issue logging by default peer address

  By default, the log format includes the remote address that is taken from headers. This is very easy to replace, making the log untrusted. Changing the default log format value `%a` to the peer address, we are getting this trusted data always. Also, the remote address option is maintained and relegated to the `%{r}a` value. Related kanidm/kanidm#191.

* Rename peer/remote to remote_addr/realip_remote_addr

  Change names to avoid naming confusions. I chose this according to Nginx variables and [ngx_http_realip_module](https://nginx.org/en/docs/http/ngx_http_realip_module.html). Add more specific documentation about security concerns of using Real IP in logger.

* Rename security advertise header in doc

* Add fix audit issue logging by default peer address to changelog

Co-authored-by: Rob Ede <robjtede@icloud.com>
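The trust distinction drawn in the commit message above, between the socket peer address and an address read from request headers, shown as an added example that is not actix-web code and not part of the commit. `Conn`, `audit_addr`, `header_first_addr` and the trusted-proxy list are hypothetical names, `header_first_addr` is a simplified model of a header-first lookup, and all addresses are constructed samples.

```rust
use std::net::IpAddr;

/// Hypothetical request view (not an actix-web type).
struct Conn<'a> {
    peer: IpAddr,                   // from the TCP socket; a header cannot change it
    forwarded_for: Option<&'a str>, // X-Forwarded-For value; fully client-controlled
}

/// Address suitable for an audit log: the header is honoured only when the
/// socket peer is a proxy we operate; otherwise the peer address is used.
fn audit_addr(conn: &Conn, trusted_proxies: &[IpAddr]) -> IpAddr {
    if !trusted_proxies.contains(&conn.peer) {
        return conn.peer;
    }
    // Walk right to left: the rightmost entries were appended by our own proxies,
    // so the first untrusted hop from the right is the real client.
    for hop in conn.forwarded_for.unwrap_or("").rsplit(',') {
        match hop.trim().parse::<IpAddr>() {
            Ok(ip) if trusted_proxies.contains(&ip) => continue,
            Ok(ip) => return ip,
            Err(_) => break, // malformed entry: stop trusting the header
        }
    }
    conn.peer
}

/// Simplified model of a header-first lookup: whatever the client put first wins.
fn header_first_addr(conn: &Conn) -> String {
    match conn.forwarded_for.and_then(|v| v.split(',').next()) {
        Some(first) => first.trim().to_string(),
        None => conn.peer.to_string(),
    }
}

fn main() {
    // Constructed sample: a direct client forging the header to look like localhost.
    let proxies: [IpAddr; 1] = ["10.0.0.5".parse().unwrap()];
    let forged = Conn {
        peer: "203.0.113.7".parse().unwrap(),
        forwarded_for: Some("127.0.0.1"),
    };
    println!("header-first log entry: {}", header_first_addr(&forged));
    println!("audit log entry:        {}", audit_addr(&forged, &proxies));
}
```

The header-derived value is only meaningful behind a proxy that overwrites or appends to the header; on a directly exposed listener the peer address is the only value an audit log can rely on.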
Changes
[Unreleased]
Changed
- Resources and Scopes can now access non-overridden data types set on App (or containing scopes) when setting their own data. #1486
- Fix audit issue logging by default peer address #1485
- Bump minimum supported Rust version to 1.40
[3.0.0-alpha.2] - 2020-05-08
Changed
- `{Resource,Scope}::default_service(f)` handlers now support app data extraction. #1452
- Implement `std::error::Error` for our custom errors #1422
- NormalizePath middleware now appends trailing / so that routes of form /example/ respond to /example requests. #1433
- Remove the `failure` feature and support.
[3.0.0-alpha.1] - 2020-03-11
Added
- Add helper function for creating routes with `TRACE` method guard `web::trace()`
- Add convenience functions `test::read_body_json()` and `test::TestRequest::send_request()` for testing.
Changed
- Use `sha-1` crate instead of unmaintained `sha1` crate
- Skip empty chunks when returning response from a `Stream` #1308
- Update the `time` dependency to 0.2.7
- Update `actix-tls` dependency to 2.0.0-alpha.1
- Update `rustls` dependency to 0.17
[2.0.0] - 2019-12-25
Changed
- Rename `HttpServer::start()` to `HttpServer::run()`
- Allow to gracefully stop test server via `TestServer::stop()`
- Allow to specify multi-patterns for resources
[2.0.0-rc] - 2019-12-20
Changed
- Move `BodyEncoding` to `dev` module #1220
- Allow to set `peer_addr` for TestRequest #1074
- Make web::Data deref to Arc #1214
- Rename `App::register_data()` to `App::app_data()`
- `HttpRequest::app_data<T>()` returns `Option<&T>` instead of `Option<&Data<T>>`
Fixed
- Fix `AppConfig::secure()` is always false. #1202
[2.0.0-alpha.6] - 2019-12-15
Fixed
- Fixed compilation with default features off
[2.0.0-alpha.5] - 2019-12-13
Added
- Add test server, `test::start()` and `test::start_with()`
[2.0.0-alpha.4] - 2019-12-08
Deleted
- Delete HttpServer::run(), it is not useful with async/await
[2.0.0-alpha.3] - 2019-12-07
Changed
- Migrate to tokio 0.2
[2.0.0-alpha.1] - 2019-11-22
Changed
- Migrated to `std::future`
- Remove implementation of `Responder` for `()`. (#1167)
[1.0.9] - 2019-11-14
Added
- Add `Payload::into_inner` method and make stored `def::Payload` public. (#1110)
Changed
- Support `Host` guards when the `Host` header is unset (e.g. HTTP/2 requests) (#1129)
[1.0.8] - 2019-09-25
Added
- Add `Scope::register_data` and `Resource::register_data` methods, parallel to `App::register_data`.
- Add `middleware::Condition` that conditionally enables another middleware
- Allow to re-construct `ServiceRequest` from `HttpRequest` and `Payload`
- Add `HttpServer::listen_uds` for ability to listen on UDS FD rather than path, which is useful for example with systemd.
Changed
- Make UrlEncodedError::Overflow more informative
- Use actix-testing for testing utils
[1.0.7] - 2019-08-29
Fixed
- Request Extensions leak #1062
[1.0.6] - 2019-08-28
Added
- Re-implement Host predicate (#989)
- Form implements Responder, returning a `application/x-www-form-urlencoded` response
- Add `into_inner` to `Data`
- Add `test::TestRequest::set_form()` convenience method to automatically serialize data and set the header in test requests.
Changed
- `Query` payload made `pub`. Allows user to pattern-match the payload.
- Enable `rust-tls` feature for client #1045
- Update serde_urlencoded to 0.6.1
- Update url to 2.1
[1.0.5] - 2019-07-18
Added
- Unix domain sockets (HttpServer::bind_uds) #92
- Actix now logs errors resulting in "internal server error" responses always, with the `error` logging level
Fixed
- Restored logging of errors through the `Logger` middleware
[1.0.4] - 2019-07-17
Added
- Add `Responder` impl for `(T, StatusCode) where T: Responder`
- Allow to access app's resource map via `ServiceRequest::resource_map()` and `HttpRequest::resource_map()` methods.
Changed
- Upgrade `rand` dependency version to 0.7
[1.0.3] - 2019-06-28
Added
- Support asynchronous data factories #850
Changed
- Use `encoding_rs` crate instead of unmaintained `encoding` crate
[1.0.2] - 2019-06-17
Changed
- Move cors middleware to `actix-cors` crate.
- Move identity middleware to `actix-identity` crate.
[1.0.1] - 2019-06-17
Added
- Add support for PathConfig #903
- Add `middleware::identity::RequestIdentity` trait to `get_identity` from `HttpMessage`.
Changed
- Move cors middleware to `actix-cors` crate.
- Move identity middleware to `actix-identity` crate.
- Disable default feature `secure-cookies`.
- Allow to test an app that uses async actors #897
- Re-apply patch from #637 #894
Fixed
- HttpRequest::url_for is broken with nested scopes #915
[1.0.0] - 2019-06-05
Added
- Add `Scope::configure()` method.
- Add `ServiceRequest::set_payload()` method.
- Add `test::TestRequest::set_json()` convenience method to automatically serialize data and set header in test requests.
- Add macros for head, options, trace, connect and patch http methods
Changed
- Drop an unnecessary `Option<_>` indirection around `ServerBuilder` from `HttpServer`. #863
Fixed
- Fix Logger request time format, and use rfc3339. #867
- Clear http requests pool on app service drop #860
[1.0.0-rc] - 2019-05-18
Add
- Add `Query<T>::from_query()` to extract parameters from a query string. #846
- `QueryConfig`, similar to `JsonConfig` for customizing error handling of query extractors.
Changed
- `JsonConfig` is now `Send + Sync`, this implies that `error_handler` must be `Send + Sync` too.
Fixed
- Codegen with parameters in the path only resolves the first registered endpoint #841
[1.0.0-beta.4] - 2019-05-12
Add
- Allow to set/override app data on scope level
Changed
- `App::configure` take an `FnOnce` instead of `Fn`
- Upgrade actix-net crates
[1.0.0-beta.3] - 2019-05-04
Added
- Add helper function for executing futures `test::block_fn()`
Changed
- Extractor configuration could be registered with `App::data()` or with `Resource::data()` #775
- Route data is unified with app data, `Route::data()` moved to resource level to `Resource::data()`
- CORS handling without headers #702
- Allow to construct `Data` instances to avoid double `Arc` for `Send + Sync` types.
Fixed
- Fix `NormalizePath` middleware impl #806
Deleted
- `App::data_factory()` is deleted.
[1.0.0-beta.2] - 2019-04-24
Added
- Add raw services support via `web::service()`
- Add helper functions for reading response body `test::read_body()`
- Add support for `remainder match` (i.e "/path/{tail}*")
- Extend `Responder` trait, allow to override status code and headers.
- Store visit and login timestamp in the identity cookie #502
Changed
- `.to_async()` handler can return `Responder` type #792
Fixed
- Fix async web::Data factory handling
[1.0.0-beta.1] - 2019-04-20
Added
- Add helper functions for reading test response body, `test::read_response()` and `test::read_response_json()`
- Add `.peer_addr()` #744
- Add `NormalizePath` middleware
Changed
- Rename `RouterConfig` to `ServiceConfig`
- Rename `test::call_success` to `test::call_service`
- Removed `ServiceRequest::from_parts()` as it is unsafe to create from parts.
- `CookieIdentityPolicy::max_age()` accepts value in seconds
Fixed
- Fixed `TestRequest::app_data()`
[1.0.0-alpha.6] - 2019-04-14
Changed
- Allow to use any service as default service.
- Remove generic type for request payload, always use default.
- Removed `Decompress` middleware. Bytes, String, Json, Form extractors automatically decompress payload.
- Make extractor config type explicit. Add `FromRequest::Config` associated type.
[1.0.0-alpha.5] - 2019-04-12
Added
- Added async io `TestBuffer` for testing.
Deleted
- Removed native-tls support
[1.0.0-alpha.4] - 2019-04-08
Added
- `App::configure()` allow to offload app configuration to different methods
- Added `URLPath` option for logger
- Added `ServiceRequest::app_data()`, returns `Data<T>`
- Added `ServiceFromRequest::app_data()`, returns `Data<T>`
Changed
- `FromRequest` trait refactoring
- Move multipart support to actix-multipart crate
Fixed
- Fix body propagation in Response::from_error. #760
[1.0.0-alpha.3] - 2019-04-02
Changed
- Renamed `TestRequest::to_service()` to `TestRequest::to_srv_request()`
- Renamed `TestRequest::to_response()` to `TestRequest::to_srv_response()`
- Removed `Deref` impls
Removed
- Removed unused `actix_web::web::md()`
[1.0.0-alpha.2] - 2019-03-29
Added
- rustls support
Changed
- use forked cookie
- multipart::Field renamed to MultipartField
[1.0.0-alpha.1] - 2019-03-28
Changed
- Complete architecture re-design.
- Return 405 response if no matching route found within resource #538