HTTP.jl Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

<!– ## Unreleased –>

v1.10.1 - 2023-11-28

Changed

Server errors are no longer serialized back to the client since this might leak sensitive information through the error message. (#1126)
When showing HTTP.Request and HTTP.Response the values for the headers Authorization, Proxy-Authorization, Cookie, and Set-Cookie are masked with *s since they might include sensitive information. (#1127)

Fixed

Restrict HTTP.isredirect to arguments of integer types. (#1117)
Fix HTTP.getcookies error when key doesn't exist. (#1119)

v1.10.0 - 2023-09-18

Fixed

Don't retry on internal exceptions. (#1110)
Fix logging of errors to stringify instead of passing as exception keyword. (#1092)

v1.9.16 - 2023-10-02

Backport of #1092.

v1.9.15 - 2023-09-10

Fixed

Mark recoverability of DNS errors correctly. (#1088)
Remove readuntil type-piracy. (#1083)

v1.9.14 - 2023-07-12

Changed

Revert multithreaded connection attempts. (#1078)

v1.9.13 - 2023-07-12

Fixed

Don't acquire IO lock within the connection lock. (#1077)

v1.9.12 - 2023-07-12

Fixed

Fix keepalive related bug introduced in 1.9.8.

v1.9.11 - 2023-07-11

Changed

Make sure connection timeout doesn't count the time for lock-acquiring. (#1075)
Update the default connection timeout from 60 to 30 seconds. (#1075)

v1.9.10 - 2023-07-10

Changed

Update the default connection timeout from 10 to 60 seconds.

v1.9.9 - 2023-07-10

Fixed

Ensure unused TCP connections are closed. (#1073)

v1.9.8 - 2023-06-29

Changed

Try to connect to all adresses in parallel when establishing a connection. (#1068)

v1.9.7 - 2023-06-22

Changed

Integrate with ExceptionUnwrapping.jl (#1065)

v1.9.6 - 2023-05-27

Fixed

Allow retries if captured exception is recoverable. (#1057)

v1.9.5 - 2023-05-19

Fixed

Make sure set_default_connection_limit usage applies also to already existing global pools. (#1053)

v1.9.4 - 2023-05-14

Fixed

Fix usage of the lock added in v1.9.3. (#1049).

v1.9.3 - 2023-05-14

Fixed

Add another missing lock for updating request context (#1048).

v1.9.2 - 2023-05-13

Fixed

Add missing locks for updating request context (#1046).

v1.9.1 - 2023-05-11

Fix issue where error response body wasn't being set when readtimeout is specified. (#1044)

v1.9.0 - 2023-05-11

Changed

The default TLS library have been changed from MbedTLS to OpenSSL. (#1039)
Use Threads.@spawn instead of @async in various places. (#1039)

v1.8.1 - 2023-05-09

Fixed

Fix use of undefined variable in timeout code. (#1043)

v1.8.0 - 2023-04-27

Added

Overload URIs.queryparams for HTTP.Request and HTTP.Response. (#1012)

Changed

Request bodies as dictionaries have been widened from Dict to AbstractDict. (#1029)
The connection pool implementation have been extracted to the ConcurrentUtilities.jl package. (#1034)

Fixed

Remove unused IniFile dependency. (#1013)
Write cookie separator with a space. (#1016)
Parse set-cookie expire with a trailing GMT. (#1035)

v1.7.4 - 2023-01-24

Fixed

Fix a segfault related to missing locks in calls to libuv. (#999)

v1.7.2 - 2023-01-13

Added

HTTP.download now automatically decompresses gzip'd content (similar to HTTP.request). (#986)

Fixed

Release old connections from the correct socket pool. (#998)

v1.7.1 - 2023-01-12

Fixed

Allow the keyword argument retry_delays to be of any type (not just ExponentialBackOff). (#993)
Remove the default 60 second read timeout, and reduce default connection timeout to 10 seconds. (These were added in 1.7.0.) (#994)

v1.7.0 - 2023-01-12

Added

Allow passing pre-allocated buffer for response body. (#984)
HTTP.StatusCodes module/namespace with all HTTP status code and corresponding status texts. (#982)

Changed

Add a default timeout of 60 seconds client side .(#992)
The default value of keepalive::Bool for TCP connections have been updated to true. (#991)

Fixed

Parametrize the internal Connection type on the socket type to avoid some type instabilities. (#983)
Account for response status when retrying. (#990)

v1.6.3 - 2023-01-03

Fixed

Slightly reduce memory allocations when reading/writing HTTP messages. (#950)
Set line info for the @clien macro to the macro call site. (#981)

v1.6.2 - 2022-12-15

Changed

Pass the response body as argument to the retry_check user function introduced in 1.6.0. (#976)

v1.6.1 - 2022-12-14

Fixed

Fix a bug related to response bodies not being set after StatusError exceptions. (#975)

v1.6.0 - 2022-12-11

Added

Configurable retry logic through the retry_delays and retry_check keyword arguments of HTTP.request and similar methods. (#974)

Fixed

Do not turn HEAD requests to GET by default through redirects. (#967)
Fix some thread-related caches for interactive threadpools. (#972)

v1.5.5 - 2022-11-18

Fixed

Allow retrying requests after write failures. (#964)

v1.5.4 - 2022-11-14

Fixed

Update [compat] to allow LoggingExtras.jl version 1. (#963)

v1.5.3 - 2022-11-09

Fixed

Use @sync instead of @spawn when interactive threads are not supported. (#960)

v1.5.2 - 2022-11-03

Changed

The server task is spawned on an interactive thread if available. (#955)

Fixed

Fix a bug related to rethrowing exceptions in timeout handling. (#942)

v1.5.1 - 2022-10-20

Added

Number of retries is recorded in the request context. (#946)

Fixed

Fix socket type for ssl upgrade when the the protocals differ. (#943)

v1.5.0 - 2022-10-17

Added

The function HTTP.set_default_connection_limit!(::Int) have been added. (#940)

Fixed

Various fixes to the optional OpenSSL integration. (#941)

v1.4.1 - 2022-10-11

Added

Support for specifying CA_BUNDLE via environment variables.. (#925, #933)

Fixed

Fix DEBUG_LEVEL handling to propagate to the logger correctly. (#929)
Fix a server side crash when issuing HTTP request to a HTTPS server. (#934, #935)

v1.4.0 - 2022-09-22

Added

Support for using OpenSSL for TLS connections. MbedTLS is still the default. (#928)

Changed

Better verification and error reporting of invalid headers. (#918, #919)

Fixed

Fix vararg function definition of HTTP.head.

v1.3.3 - 2022-08-26

Fixed

Revert faulty bugfix from previous release. (#914)

v1.3.2 - 2022-08-25

Fixed

Fix a bug in idle connection monitoring. (#912)

v1.3.1 - 2022-08-24

Fixed

Fix a bug related to read timeouts. (#911)

v1.3.0 - 2022-08-24

Added

HTTP.listen! now support the keyword argument listenany::Bool to listen to any available port. The resulting port can be obtained from the returned Server object by HTTP.port. (#905)
Gzip decompression of request bodies can now be forced by passing decompress=true to HTTP.request. (#904)

Fixed

Fix a stack overflow error in HTTP.download when the URI had a trailing /. (#897)
Fix a bug related to not accounting for timeouts correctly. (#909, #910)

v1.2.1 - 2022-08-10

Fixed

Fix an bug in idle connection monitoring. (#901)

v1.2.0 - 2022-07-18

Added

Add ability to "hook" a middleware into Router post-matching. (#886)

v1.1.0 - 2022-07-17

Added

The response body is now preserved when retrying/redirecting. (#876)
HTTP.getparam has been added to fetch one routing parameter (in addition to the existing HTTP.getparams). (#880)
HTTP.removeheader has been added. (#883)

Changed

Allow any string for parameter names in router. (#871, #872)

Fixed

The acquire/release usage from the connection pool have been adjusted to fix a possible hang when concurrently issuing a large number of requests. (#882)
A bug in the connection reuse logic has been fixed. (#875, #885)

v1.0.5 - 2022-06-24

Added

Store the original registered route path when Router matches. (#866)

Fixed

Fix use of undefined variable in cookie-code. (#867)

v1.0.4 - 2022-06-21

Fixed

Ensure underlying Connection gets closed in websocket close sequence. (#865)

v1.0.3 - 2022-06-21

Fixed

Ensure a Request accounts correctly for isredirect/retryable. (#864)

v1.0.2 - 2022-06-20

Fixed

Fix some issues with automatic gzip decompression. (#861)

v1.0.1 - 2022-06-19

Fixed

Fix HTTP.listen with providec TCP server. (#857)
Add some deprecation warnings to help upgrade from 0.9.x to 1.0.x. (#858)

v1.0.0 - 2022-06-19

Added

The response body for responses with Content-Encoding: gzip are now automatically decompressed. Pass decompress=false to HTTP.request to disable. (#838)
HTTP.parse_multipart_form can now parse responses (as well as requests). (#817)
HTTP.listen! has been added as a non-blocking version of HTTP.listen. It returns a Server object which supports wait, close and forceclose. See documentation for details. (#854)

Changed

HTTP.jl no longer calls close on streams given with the response_stream keyword argument to HTTP.request and friends. If you relied on this behavior you now have to do it manually, e.g.
```
io = ...
HTTP.request(...; response_stream = io)
close(io)
```
(#543, #752, #775).
The internal client request layer stack have been reworked to be value based instead of type based. This is breaking if you implement custom layers but not for regular client usage. Refer to the documentation for how to update. (#789)
The server side Handlers/Router framework have been reworked. Refer to the documentation for how to update. (#818)
The default value (optional third argument) to HTTP.header can now be of any type (not just AbstractString). (#820)
HTTP.jl now attempts to reencode malformed, non-ascii, headers from Latin-1 to UTF-8. (#830)
Headers with the empty string as their value are now omitted from requests (this matches the behavior of e.g. curl). (#831)
Requests to localhost are no longer proxied. (#833)
The cookie-code have been reworked. In particular it is now safe to use concurrently. (#836)
The websockets code have been reworked. (#843)
HTTP.jl exception types are now more consistent. (#846)

Removed

Support for "pipelined requests" have been removed in the client implementation. The keyword arguments to HTTP.request related to this feature (pipeline_limit and reuse_limit) are now ignored (#783).

v0.9.17 - 2021-11-17

Fixed

Correctly throw an EOFError if the connection is closed with remaining bytes to be transferred (#778, #781).

v0.9.16 - 2021-09-29

See changes for 0.9.15: this release is equivalent to 0.9.15 with #752 reverted. #752 might be included in a future breaking release instead, see #774.

v0.9.15 - 2021-09-27

Note: This release have been pulled back since #752 turned out to be breaking.

Changed

Reverted in 0.9.16 HTTP.jl no longer calls close on streams given with the response_stream keyword argument to HTTP.request and friends. If it is required to close the stream after the request you now have to do it manually, e.g.
```
io = ...
HTTP.request(...; response_stream = io)
close(io)
```
(#543, #752).
The Content-Type header for requests with HTTP.Form bodies is now automatically set also for PUT requests (just like POST requests) (#770, #740).

Fixed

Fix faulty error messages from an internal macro (#753).
Silence ECONNRESET errors on more systems (#547, #763, #764).
Use Content-Disposition from original request in case of a 3xx response (#760, #761).
Fix cookie handling to be case-insensitive for Set-Cookie headers (#765, #766).

v0.9.14 - 2021-08-31

Changed

Improved memory use and performance of multipart parsing (#745).

Fixed

HTTP.Response now accept any Integer as the return status (not just Int) (#734, #742).

v0.9.13 - 2021-08-01

Changed

The call stack now has a TopLayer inserted at the top to simplify adding new layers at the top (#737).

v0.9.12 - 2021-07-01

Fixed

Fix a JSON detection issue in HTTP.sniff for negative numeric values (#730).

v0.9.11 - 2021-06-30

Changed

"Connection closed by peer" errors are now emitted as Debug-level messages (instead of Error-level) (#727).

Fixed

Fix websocket disconnection errors (#723).
Reduced allocations for some internals functions used for e.g. header comparison (#725).

v0.9.10 - 2021-05-30

Fixed

Fix access logging to also log internal server errors (#717).
Fix a possible crash in access logging of remote IP when the connection have been closed (#718).

v0.9.9 - 2021-05-23

Added

Access logging functionality to HTTP.listen and HTTP.serve (#713).

Fixed

Include Host header for CONNECT proxy requests (#714).

v0.9.8 - 2021-05-02

Fixed

URLs are now checked for missing protocol and hostname when making requests (#703).
Fix an issue where relative HTTP 3xx redirects would not resolve the new URL correctly by upgrading the URIs dependency (#707).
Fix automatic detection of filename in HTTP.download to (i) not include any query parameters and (ii) use the original request URL instead of any redirect URLs (#706).

Changed

Improvements to internal allocation of buffers to decrease package load time (#704).

v0.9.7 - 2021-04-28

Added

Implement Sockets.getpeername(::HTTP.Stream) for getting the client IP address and port from a HTTP.Stream (#702).

v0.9.6 - 2021-04-27

Added

New function HTTP.statustext for getting the string representation of a HTTP status code (#688).
New exception ReadTimeoutError which is thrown for request that time out (#693).

Changed

Un-deprecate HTTP.status, HTTP.headers, HTTP.body, HTTP.method, and HTTP.uri (#682).

Fixed

Fixes and improvements to rate limiting in HTTP.listen and HTTP.serve (#701).

v0.9.5 - 2021-02-23

Fixed

Fix implicitly added Host header for HTTP.request (and friends) to include the port for non-standard ports (#680).

v0.9.4 - 2021-02-23

Changed

NetworkOptions.jl's verify_host is now used for the default value for host verification (#678).

Fixed

Ignore HTTP_PROXY and HTTPS_PROXY environment variables if they are set to the empty string (#674).
When trying to establish a connection, try all IP addresses found for the host instead of just the first one (#675).

v0.9.3 - 2021-02-10

Added

New keyword max_connections::Int to HTTP.listen for specifying maximum value of concurrent active connections (#647).

Changed

The header Accept: */* is now added by default for HTTP.request and friends (this mirrors the behavior of e.g. curl and Python's request) (#666).

v0.9.2 - 2020-12-22

Changed

If a proxy specification includes userinfo it is now added as the Proxy-Authorization: Basic XXX header (#640).

Fixed

Proxy specifications using the environment variables HTTP_PROXY/HTTPS_PROXY are now checked, previously only the lowercase versions http_proxy/https_proxy where checked (#648).

v0.9.1 - 2020-12-04

Changed

TCP connections are now flushed on closewrite which can improve latency in some cases (#635).
Callbacks to HTTP.listen that never calls startwrite now throw and return 500 Internal Server Error to the client (#636).
closebody does not error if closing bytes could not be written (#546).

v0.9.0 - 2020-11-12

Added

New keyword argument on_shutdown::Union{Function,Vector{Function}} to HTTP.listen/ HTTP.serve for registering callback function to be run at server shutdown (#599).
New functions insert_default! and remove_default! for inserting/removing layers in the default stack (#608).
New keyword argument boundary to HTTP.Form for specifying the boundary for multipart requests (#613, #615).

Changed

The internal HTTP.URIs module have been factored out to an independent package which HTTP.jl now depends on (#616).

Fixed

Fix a formatting bug in progress reporting in HTTP.download (#601).
Fix a case where bad HTTPS requests to would cause the HTTP.jl server to throw (#602).
The correct host/port is now logged even if the server is provided with the server keyword argument to HTTP.listen/HTTP.serve (#611).
Fix some outdated internal calls that would throw when passing a connect_timeout to HTTP.request and friends (#619).