Add Web Application Middleware#9
Merged
kyleingraham merged 10 commits intotrunkfrom Nov 2, 2023
Merged
Conversation
Add new middleware relevant for web applications intended to be
rendered in a web browser:
- `useIsSecureRequestMiddleware` - Record on request whether it
was delivered via a secure channel.
- `useHstsMiddleware` - Inform browsers that your app should only
be visited via HTTPS.
- `useStaticFilesMiddleware` - Serves static files.
- `useRoutingMiddleware` - Adds the ability to route a request to
a handler. Must be used with and called before
`useHandlerMiddleware`.
- `useBrowserHardeningMiddleware` - Harden the browser environment
your web app is rendered in.
- `useHandlerMiddleware` - Calls a selected handler after routing.
Must be used with and called after `useRoutingMiddleware`.
Middleware are specified in `WebAppSettings.middleware`.
Refactor static file handling into a middleware. Some web
application middleware are irrelevant for static files and with the
previous handler implementation there was no ability to opt out of
them. With a static files middleware we can short-circuit early and
keep static file serving lean as we add more middleware.
Restore public access on Router.parsePath so that it can be accessed from WebApp. Update Router's handler whenever routes or middleware are modified. This removes the need to check for handler updates on every request and ensures that all initialization occurs before threading in vibe.d setup. Increase the time between tests to allow for slower computers.
Add protection against trusting client-provided security headers
from misconfigured proxies.
Add conversion of exceptions to requests in middleware system. This
enables surfacing messages on error conditions from deep within
middleware.
Add `core` package for exceptions and other centrally-required code.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add new middleware relevant for web applications intended to be
rendered in a web browser:
useIsSecureRequestMiddleware- Record on request whether itwas delivered via a secure channel.
useHstsMiddleware- Inform browsers that your app should onlybe visited via HTTPS.
useStaticFilesMiddleware- Serves static files.useRoutingMiddleware- Adds the ability to route a request toa handler. Must be used with and called before
useHandlerMiddleware.useBrowserHardeningMiddleware- Harden the browser environmentyour web app is rendered in.
useHandlerMiddleware- Calls a selected handler after routing.Must be used with and called after
useRoutingMiddleware.Middleware are specified in
WebAppSettings.middleware.Refactor static file handling into a middleware. Some web
application middleware are irrelevant for static files and with the
previous handler implementation there was no ability to opt out of
them. With a static files middleware we can short-circuit early and
keep static file serving lean as we add more middleware.
Add protection against trusting client-provided security headers
from misconfigured proxies.
Add conversion of exceptions to requests in middleware system. This
enables surfacing messages on error conditions from deep within
middleware.
Add
corepackage for exceptions and other centrally-required code.