Skip to content

Releases: gorilla/handlers

v1.5.1

d453eff
Compare
Choose a tag to compare

馃攰 v1.5.1 fixes an issue with the CompressHandler introduced in v1.5.0 that would break compression of some responses. We strongly recommend you upgrade to v1.5.1.

CHANGELOG

v1.5.0 馃巵

d6944a4
Compare
Choose a tag to compare

v1.5.1 fixes an issue with the CompressHandler introduced in v1.5.0 that would break compression of some responses. We strongly recommend you upgrade to v1.5.1.

This release improves how handlers manages existing http.ResponseWriters that are already wrapped with a Pusher or other extensions. It will no longer break existing implementations thanks to the changes made in #193.

CHANGELOG

  • Use httpsnoop to wrap ResponseWriter. (#193) @muirdm
  • skip compression on upgrade connection (#187) @benitogf
  • Use got-want style so mutation test can be performed easily with corr鈥 (#184) @uudashr
  • [compress] Vary: Accept-Encoding must always be set (#175) @dunglas
  • Cleanup CompressHandlerLevel (#173) @fharding1

v1.4.2 馃泝

8a3748a
Compare
Choose a tag to compare

This release fixes an issue with hijacked requests that could lead to temp directory mis-use, as well as minor documentation changes.

CHANGELOG

v1.4.1

415c481
Compare
Choose a tag to compare

This release adds Go Modules support, among other minor changes (below) 鈿★笍

CHANGELOG

v1.4.0

Compare
Choose a tag to compare

Adds the ability to register a custom log formatter for HTTP logging, and addresses a CORS middleware bug.

CHANGELOG
7e0847f added ability to register custom log formatter (#131)
6257a58 Fix typo in cors.go (#127)
13a38d2 [bugfix] Handle CORS pre-flight request in middleware (#112)
2b8556b Revert "Add Vary header when allowedOrigins is * (#114)" (#122)
9327cfd Add Vary header when allowedOrigins is * (#114)c5874fa distinguish between explicit and implicit star (#118)

CORS Security Fix

Compare
Choose a tag to compare
  • Fixes a security issue where Access-Control-Allow-Origin would reflect the Origin header in the request, which has different (and worse) security vs. returning an explicit "*". Thanks to @ejcx for reporting and fixing.

CHANGELOG

9066371 [bugfix] Don't return the origin header when configured to * (#116)

v1.2.1

Compare
Choose a tag to compare
  • Fixes a bug with loggers that did not call WriteHeader (a4043c6)
  • Adds support for the http.Pusher interface (for HTTP/2 Server Push) (356173f)

CHANGELOG:

a4043c6 use http.StatusOK as initial value for responseLogger.status (#103)
13d7309 README.md: Add sourcegraph badge
6d39a51 Merge pull request #97 from nwidger/master
602b326 (Combined)LoggingHandler: Add tests for http.Push support
356173f (Combined)LoggingHandler: Add Go 1.8 http.Pusher support

v1.2

Compare
Choose a tag to compare

3a5767c Merge pull request #94 from pavelnikolov/recovery-logger-interface-instead-of-struct
3fda98c Use logger interface in recovery handler (#92)
e1b2144 [docs] Add note about the CompressHandler and TLS traffic (#90)
a577578 travis.yml: add go1.7
801d6e3 [bugfix] Add ProxyHeaders support for X-Forwarded-Proto (#79)
8e3f298 Add ProxyHeaders support for X-Forwarded-Proto.
af3022d [feature] Support X-Forwarded-Host (#75)
d3ca879 Support X-Forwarded-Host
66e6c6f Merge pull request #72 from gorilla/elithrar/ci-allow-tip-failures
aeb4f8e [ci] Allow CI failures on tip.

v1.1 - "Long Overdue"

Compare
Choose a tag to compare

We're now tagging releases, something that was long overdue. gorilla/handlers has strict API compatibility guarantees, excepting any security issues, but we understand that being able to vendor specific versions is a useful feature.