You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add SetTLSFingerprintSpec for custom ClientHelloSpec support — accepts a *utls.ClientHelloSpec for fine-grained TLS fingerprint customization (JA3/JA4). Closes #477, #478.
Add SensitiveHeadersRedirectPolicy — strips custom auth headers (e.g. X-API-Key, X-Auth-Token) on cross-domain redirects to prevent credential leakage (CWE-200). Fixes #489.
Port quic-go v0.59.0 — aligns with quic-go v0.59.0 breaking changes: removes deprecated ConnectionTracingID/ConnectionTracingKey, removes stream hijacking API, replaces handleUnidirectionalStreams with per-stream callback, adds RawClientConn for fine-grained stream control, adds HandleBidirectionalStream (closes conn per RFC 9114), fixes SupportsDatagrams → SupportsDatagrams.Remote. Fixes #482.
Bug Fixes
Unmarshal returns error on error status codes — now checks IsErrorState() before deserializing, preventing 4xx/5xx response bodies from being deserialized into target structs. Closes #465.
Retry on GOAWAY errors with cached HTTP/2 connections — RoundTripOnlyCachedConn now falls through to create a new connection instead of returning errClientConnGotGoAway directly. Closes #491.
SetCookieJarFactory returns http.CookieJar interface — changes return type from *cookiejar.Jar to http.CookieJar, allowing custom cookie jar implementations. Closes #415.
Add application/json to Chrome impersonate accept header — matches Chrome's actual accept header for API requests expecting JSON. Closes #471.
Dependencies
Upgrade utls to v1.8.2 — security update from v1.8.1. Addresses #459.
Tests
Add comprehensive unit tests for HTTP/3 frames, headers, transport, and dump.