- Fix compatability with Ranch 1.6
- Do not include secret_key_base in inspected data
- Prune args from stacktrace in Crypto functions
- Add
Plug.Test.put_peer_data/2
- Support MFAs for cookie session secrets
- Allow
builder_opts()
to be passed to inner plugs inPlug.Builder
- Enhancements
- Raise on unknown
Plug.SSL
cipher_suites - Document Cowboy 2 usage with unix sockets
- Add
Plug.Debugger
banner for custom page details - Do not crash error reporter for Cowboy 2 on undefined port
- Raise on unknown
- Enhancements
- Add
Plug.Conn.inform/3
andPlug.Conn.inform!/3
to support HTTP/2 informational responses - Add
Plug.Conn.get_peer_data/1
to read client information such as address, port and ssl cert - Add
Plug.Conn.get_http_protocol/1
- Add
Plug.SSL.configure/1
to hold common SSL configuration and enablereuse_sessions
andsecure_renegotiate
by default in adapters - Add the
cipher_suite
option to provide secure defaults for a:strong
or a:compatible
TLS configuration. Plug.SSL
skips HSTS by default on localhost. The list of hosts to exclude is configurable
- Add
-
Enhancements
- Implement missing access behaviour for
Plug.Conn.Unfetched
to provide better error messages - Add function plug forwarding to
Plug.Router
- Support custom body readers in
Plug.Parsers
- Introduce
merge_assigns/2
andmerge_private/2
- Add
Plug.Conn.WrapperError.reraise/1
andPlug.Conn.WrapperError.reraise/4
to deal with upcoming changes in Elixir v1.7
- Implement missing access behaviour for
-
Bug fixes
- Properly convert all list headers to map when using Cowboy 2
- Do not require certfile/keyfile with ssl if sni options are present
-
Enhancements
- Add
init_mode
toPlug.Builder
for runtime initialization - Allow passing MFA tuple to JSON decoder
- Allow
:log_error_on_incomplete_requests
to be disabled for Cowboy adapters - Support Cowboy 2.2 with HTTP/2 support
- Optimize
Plug.RequestID
on machines with multiple cores - Add
Plug.Conn.push/3
andPlug.Conn.push!/3
to support HTTP/2 server push - Add
Plug.Conn.request_url/1
- Optimise
Plug.HTML.html_escape_to_iodata/1
- Add
Plug.Router.match_path/1
- Log on
Plug.SSL
redirects - Allow
Plug.CSRFProtection
tokens to be generated and matched with host specific information - Add
Plug.Conn.prepend_resp_headers/3
- Add
Plug.Status.reason_atom/1
- Add
-
Bug fixes
- Ensure CSRF token is not deleted if plug is called twice
- Do not fail on empty multipart body without boundary
- Do not decode empty query string pairs
- Consider both the connection protocol and
x-forwarded-proto
when redirecting onPlug.SSL
-
Deprecations
- Deprecate Plug.Conn's Collectable protocol implementation