Skip to content

v0.3.0

Choose a tag to compare

View all tags
@davidpdrsn davidpdrsn released this 25 Apr 13:38
tower-http-0.3.0
1f111cc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Added

  • fs: Add ServeDir::{fallback, not_found_service} for calling another service if
    the file cannot be found (#243)
  • fs: Add SetStatus to override status codes (#248)
  • ServeDir and ServeFile now respond with 405 Method Not Allowed to requests where the
    method isn't GET or HEAD (#249)
  • cors: Added CorsLayer::very_permissive which is like
    CorsLayer::permissive except it (truly) allows credentials. This is made
    possible by mirroring the request's origin as well as method and headers
    back as CORS-whitelisted ones (#237)
  • cors: Allow customizing the value(s) for the Vary header (#237)

Changed

  • cors: Removed allow-credentials: true from CorsLayer::permissive.
    It never actually took effect in compliant browsers because it is mutually
    exclusive with the * wildcard (Any) on origins, methods and headers (#237)
  • cors: Rewrote the CORS middleware. Almost all existing usage patterns
    will continue to work. (BREAKING) (#237)
  • cors: The CORS middleware will now panic if you try to use Any in
    combination with .allow_credentials(true). This configuration worked
    before, but resulted in browsers ignoring the allow-credentials header,
    which defeats the purpose of setting it and can be very annoying to debug
    (#237)

Fixed

  • fs: Fix content-length calculation on range requests (#228)
Assets 2
Loading