Release Notes

Hono v3.5.0 is now available! Here's what's new.

Secure Headers Middleware

We've added the Secure Headers Middleware. It aids in enhancing your app's security by setting HTTP response headers. It's akin to Helmet for Express.

import { Hono } from 'hono'
import { secureHeaders } from 'hono/secure-headers'

const app = new Hono()

app.use('*', secureHeaders())

app.get('/', (c) => c.text('Hello!'))

// ...

export default app

For an in-depth look, visit the documentation. Thanks @watany-dev for the remarkable contribution!

Introducing "Helpers"

We're unveiling a new concept named "Helpers". While similar to middleware, these are not handlers but handy functions. Prior to this release, the cookie-related functions were a part of the Cookie Middleware. These aren't true middleware. Now, they've been transformed into the "Cookie Helper":

import { getCookie, setCookie } from 'hono/cookie'

const app = new Hono()

app.get('/cookie', (c) => {
  const yummyCookie = getCookie(c, 'yummy_cookie')
  // ...
  setCookie(c, 'delicious_cookie', 'macha')
  // ...
})

However, no worries about breaking changes! The import path hono/cookie remains unchanged. So, usage remains consistent with previous versions.

Zod OpenAPI Middleware

Zod OpenAPI has been rolled out. Zod OpenAPI Hono is an enhanced Hono class supporting OpenAPI. It enables value and type validation using Zod and also facilitates OpenAPI Swagger documentation generation.

Dive deeper with the documentation.

Deprecated Features

The following features are now marked as deprecated:

queries in the Validator - Please switch to query.
c.runtime() - Transition to the Adapter Helper.
app.handleEvent() - Use app.fetch() instead.

These will be removed in version 4.

Additional Features

The Validator now has the capability to validate "headers" and "cookies". #1352
You can now pass env to getPath(). #1345
Body content caching is introduced. #1333
hono/context has been exported. #1332

All Updates

chore: add format script by @watany-dev in #1334
docs: support change of escapeTextForBrowser path in react by @sor4chi in #1336
refactor: lint by @yusukebe in #1339
refactor: denoify by @yusukebe in #1344
refactor(compress-middleware): resolve type assertion using const assertion by @sor4chi in #1343
Web query undefined check by @Tanner-Scadden in #1340
feat(package.json): export hono/context by @yusukebe in #1332
feat(req): cache body content by @yusukebe in #1333
fix(middleware): signed cookie misinterpretation of cookie values with dot by @torte in #1342
refactor(context): allow passing HonoRequest as 1st arg by @yusukebe in #1312
fix(req): fix inferring types in req.valid() by @yusukebe in #1351
feat(validator): deprecate queries (use query instead) by @yusukebe in #1350
feat(validator): supports header and cookie by @yusukebe in #1352
fix(type): add missing S to RemoveBlankRecord by @sizumita in #1354
feat(app): pass env to getPath() by @yusukebe in #1345
fix(client): ignore header and cookie types by @yusukebe in #1359
fix(types): corrected argument types for Context methods by @asaxeye in #1357
feat(middleware): Alternative middleware equivalent to Helmet by @watany-dev in #1341
feat: introduce "Helpers" by @yusukebe in #1353
fix(middleware.ts): export secure-headers for Deno by @yusukebe in #1361

New Contributors

@sor4chi made their first contribution in #1336
@Tanner-Scadden made their first contribution in #1340
@asaxeye made their first contribution in #1357

Full Changelog: v3.4.3...v3.5.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v3.5.0