- Added
next(statusCode)
support - Added
cookieParser(secret)
support - Added signed cookie support to
cookieParser()
- Added support for JSON-serialized cookies
- Added
err.status
support - Added public
res.headerSent
checking nodesres._headerSent
- Changed node dependency to ">= 0.5.0 < 0.7.0"
- Changed: no longer lowercase cookie names
- Changed:
errorHandler()
is now a development only middleware - Changed middleware to next() errors when possible so applications can unify logging / handling
- Improved handling of ENAMETOOLONG per #369
- Removed
http[s].Server
inheritance (now just a function) - Removed
.createServer()
(useconnect()
) - Removed
secret
option fromsession()
- Removed
connect.session.ignore
array support - Removed
router()
middleware. Closes #262
- Added: make
Store
inherit fromEventEmitter
- Added session
Store#load(sess, fn)
to fetch aSession
instance - Added backpressure support to
staticCache()
- Changed
res.socket.destroy()
toreq.socket.destroy()
- Added
staticCache()
middleware, a memory cache forstatic()
- Added public
res.headerSent
checking nodesres._headerSent
(remove when node adds this) - Changed: ignore error handling middleware when header is sent
- Changed: dispatcher errors after header is sent destroy the sock
- Revert "Added double-next reporting"
- Added double-
next()
reporting - Added
immediate
option tologger()
. Closes #321 - Dependency
qs >= 0.3.1
- Fixed
connect.static()
null byte vulnerability - Fixed
connect.directory()
null byte vulnerability - Changed: 301 redirect in
static()
to postfix "/" on directory. Closes #289
- Added: allow retval
== null
from logger callback to ignore line - Added
getOnly
option toconnect.static.send()
- Added response "header" event allowing augmentation
- Added
X-CSRF-Token
header field check - Changed dep
qs >= 0.3.0
- Changed: persist csrf token. Closes #322
- Changed: sort directory middleware files alphabetically
- Added :response-time to "dev" logger format
- Added simple
csrf()
middleware. Closes #315 - Fixed
res._headers
logger regression. Closes #318 - Removed support for multiple middleware being passed to
.use()
- Added
filter
function option todirectory()
[David Rio Deiros] - Changed: re-write of the
logger()
middleware, with extensible tokens and formats - Changed:
static.send()
".." in path without root considered malicious - Fixed quotes in docs. Closes #312
- Fixed urls when mounting
directory()
, useoriginalUrl
[Daniel Dickison]
- Added malicious path check to
directory()
middleware - Added
utils.forbidden(res)
- Added
connect.query()
middleware
- Added
connect.directory()
middleware for serving directory listings
- Fixed
connect.static()
root with..
- Fixed
connect.static()
EBADF
- Fixed EBADF in
connect.static()
. Closes #297
- Changed
connect.static()
to check resolved dirname. Closes #294
- Fixed fd leak in
connect.static()
when the socket is closed - Fixed;
bodyParser()
ignoring GET/HEAD. Closes #285
- Changed to
devDependencies
- Fixed stream creation on
static()
HEAD request. [Andreas Lind Petersen] - Fixed Win32 support for
static()
- Fixed monkey-patch issue. Closes #261
- Added "hidden" option to
static()
. ignores hidden files by default. Closes * Added; exposeconnect.static.mime.define()
. Closes #251 - Fixed
errorHandler
middleware for missing stack traces. [aseemk] #274
- Added route-middleware
next('route')
support to jump passed the route itself - Added Content-Length support to
limit()
- Added route-specific middleware support (used to be in express)
- Changed; refactored duplicate session logic
- Changed; prevent redefining
store.generate
per request - Fixed;
static()
does not set Content-Type when explicitly set [nateps] - Fixed escape
errorHandler()
{error} contents - NOTE:
router
will be removed in 2.0
- Added
router.remove(path[, method])
to remove a route
- Fixed basicAuth realm issue when passing strings. Closes #253
- Added
basicAuth(username, password)
support - Added
errorHandler.title
defaulting to "Connect" - Changed
errorHandler
css
- Fixed
logger()
httpsremoteAddress
logging [Alexander Simmerl]
- Added
router.lookup(path[, method])
- Added
router.match(url[, method])
- Added basicAuth async support. Closes #223
- Added; allow
logger()
callback function to return an empty string to ignore logging - Fixed; utilizing
mime.charsets.lookup()
forstatic()
. Closes 245
- Added
logger()
support for format function - Fixed
logger()
to support mess of writeHead()/progressive api for node 0.4.x
- Changed;
limit()
now callsreq.destroy()
- Added request "limit" event to
limit()
middleware - Changed;
limit()
middleware willnext(err)
on failure
- Fixed session middleware for HTTPS. Closes #241 [reported by mt502]
- Added
Session#reload(fn)
- Fixed
res.setHeader()
patch, preserve casing
- Fixed;
logger()
usingreq.originalUrl
instead ofreq.url
- Added
res.charset
- Added conditional sessions example
- Added support for
session.ignore
to be replaced. Closes #227 - Fixed
Cache-Control
delimiters. Closes #228
- Fixed;
static.send()
invokes callback with connection error
- Fixed exported connect function
- Fixed package.json; node ">= 0.4.1 < 0.5.0"
- Added
Session#save(fn)
. Closes #213 - Added callback support to
connect.static.send()
for express - Added
connect.static.send()
"path" option - Fixed content-type in
static()
for index.html
- Added
stack
,message
, anddump
errorHandler option aliases - Added
req.originalMethod
to methodOverride - Added
favicon()
maxAge option support - Added
connect()
alternative toconnect.createServer()
- Added new documentation
- Added Range support to
static()
- Added HTTPS support
- Rewrote session middleware. The session API now allows for session-specific cookies, so you may alter each individually. Click to view the new session api.
- Added middleware self-awareness. This helps prevent
middleware breakage when used within mounted servers.
For example
cookieParser()
will not parse cookies more than once even when within a mounted server. - Added new examples in the
./examples
directory - Added limit() middleware
- Added profiler() middleware
- Added responseTime() middleware
- Renamed
staticProvider
tostatic
- Renamed
bodyDecoder
tobodyParser
- Renamed
cookieDecoder
tocookieParser
- Fixed ETag quotes. [reported by papandreou]
- Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
- Fixed; only set req.originalUrl once. Closes #124
- Fixed symlink support for
static()
. Closes #123
- Fixed SID space issue. Closes #196
- Fixed; proxy
res.end()
to commit session data - Fixed directory traversal attack in
staticProvider
. Closes #198
- qs >= 0.0.4
- Added
qs
dependency - Fixed router race-condition causing possible failure
when
next()
ing to one or more routes with parallel requests
- Added
onvhost()
call so Express (and others) can know when they are - Revert "Added stylus support" (use the middleware which ships with stylus)
- Removed custom
Server#listen()
to allow regularhttp.Server#listen()
args to work properly - Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
- Fixed
utils.uid()
length error [Jxck] mounted
- Added stylus support to
compiler
- favicon.js cleanup
- compiler.js cleanup
- bodyDecoder.js cleanup
- Changed; using sha256 HMAC instead of md5. [Paul Querna]
- Changed; generated a longer random UID, without time influence. [Paul Querna]
- Fixed; session middleware throws when secret is not present. [Paul Querna]
- Added; throw when router path or callback is missing
- Fixed;
next(err)
on cookie parse exception instead of ignoring - Revert "Added utils.pathname(), memoized url.parse(str).pathname"
- Added docs/api.html
- Added
utils.pathname()
, memoized url.parse(str).pathname - Fixed
session.id
issue. Closes #183 - Changed; Defaulting
staticProvider
maxAge to 0 not 1 year. Closes #179 - Removed bad outdated docs, we need something new / automated eventually
- Added default OPTIONS support to router middleware
- Added
req.session.id
mirroringreq.sessionID
- Refactored router, exposing
connect.router.methods
- Exclude non-lib files from npm
- Removed imposed headers
X-Powered-By
,Server
, etc
- Added ./index.js
- Added route segment precondition support and example
- Added named capture group support to router
- Added
basicAuth
middleware - Added more HTTP methods to the
router
middleware
- Added staticGzip middleware
- Added
connect.utils
to expose utils - Added
connect.session.Session
- Added
connect.session.Store
- Added
connect.session.MemoryStore
- Added
connect.middleware
to expose the middleware getters - Added
buffer
option to logger for performance increase - Added favicon middleware for serving your own favicon or the connect default
- Added option support to staticProvider, can now pass root and lifetime.
- Added; mounted
Server
instances now have theroute
property exposed for reflection - Added support for callback as first arg to
Server#use()
- Added support for
next(true)
in router to bypass match attempts - Added
Server#listen()
host support - Added
Server#route
whenServer#use()
is called with a route on aServer
instance - Added methodOverride X-HTTP-Method-Override support
- Refactored session internals, adds secret option
- Renamed
lifetime
option tomaxAge
in staticProvider - Removed connect(1), it is now spark(1)
- Removed connect(1) dependency on examples, they can all now run with node(1)
- Remove a typo that was leaking a global.
- Removed
Object.prototype
forEach() and map() methods - Removed a few utils not used
- Removed
connect.createApp()
- Removed
res.simpleBody()
- Removed format middleware
- Removed flash middleware
- Removed redirect middleware
- Removed jsonrpc middleware, use visionmedia/connect-jsonrpc
- Removed pubsub middleware
- Removed need for
params.{captures,splat}
in router middleware,params
is an array - Changed; compiler no longer 404s
- Changed; router signature now matches connect middleware signature
- Fixed a require in session for default
MemoryStore
- Fixed nasty request body bug in router. Closes #54
- Fixed less support in compiler
- Fixed bug preventing proper bubbling of exceptions in mounted servers
- Fixed bug in
Server#use()
preventingServer
instances as the first arg - Fixed ENOENT special case, is now treated as any other exception
- Fixed spark env support
- Added support for router
next()
to continue calling matched routes - Added mime type for cache.manifest files.
- Changed compiler middleware to use async require
- Changed session api, stores now only require
#get()
, and#set()
- Fixed cacheManifest by adding
utils.find()
back
- Added calls to
Session()
casts the given object as aSession
instance - Added passing of
next()
to router callbacks. Closes #46 - Changed;
MemoryStore#destroy()
removesreq.session
- Changed
res.redirect("back")
to default to "/" when Referr?er is not present - Fixed staticProvider urlencoded paths issue. Closes #47
- Fixed staticProvider middleware responding to GET requests
- Fixed jsonrpc middleware
Accept
header check. Closes #43 - Fixed logger format option
- Fixed typo in compiler middleware preventing the dest option from working
- Revamped the api, view the Connect documentation for more info (hover on the right for menu)
- Added extended api docs
- Added docs for several more middleware layers
- Added
connect.Server#use()
- Added compiler middleware which provides arbitrary static compilation
- Added
req.originalUrl
- Removed blog example
- Removed sass middleware (use compiler)
- Removed less middleware (use compiler)
- Renamed middleware to be camelcase, body-decoder is now bodyDecoder etc.
- Fixed
req.url
mutation bug when matchingconnect.Server#use()
routes - Fixed
mkdir -p
implementation used in bin/connect. Closes #39 - Fixed bug in bodyDecoder throwing exceptions on request empty bodies
make install
installing lib to $LIB_PREFIX aka $HOME/.node_libraries
- Added static middleware usage example
- Added support for regular expressions as paths for router
- Added
util.merge()
- Increased performance of static by ~ 200 rps
- Renamed the rest middleware to router
- Changed rest api to accept a callback function
- Removed router middleware
- Removed proto.js, only
Object#forEach()
remains
- Added Server#use() which contains the Layer normalization logic
- Added documentation for several middleware
- Added several new examples
- Added less middleware
- Added repl middleware
- Added vhost middleware
- Added flash middleware
- Added cookie middleware
- Added session middleware
- Added
utils.htmlEscape()
- Added
utils.base64Decode()
- Added
utils.base64Encode()
- Added
utils.uid()
- Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
- Moved mime code to
utils.mime
, exutils.mime.types
, andutils.mime.type()
- Renamed req.redirect() to res.redirect(). Closes #29
- Fixed sass 404 on ENOENT
- Fixed +new Date duplication. Closes #24
- Added workerPidfile() to bin/connect
- Added --workers support to bin/connect stop and status commands
- Added redirect middleware
- Added better --config support to bin/connect. All flags can be utilized
- Added auto-detection of ./config.js
- Added config example
- Added
net.Server
support to bin/connect - Writing worker pids relative to
env.pidfile
- s/parseQuery/parse/g
- Fixed npm support
- Fixed node dependency in package.json, now ">= 0.1.98-0" to support HEAD
- Added
-V, --version
to bin/connect - Added
utils.parseCookie()
- Added
utils.serializeCookie()
- Added
utils.toBoolean()
- Added sass middleware
- Added cookie middleware
- Added format middleware
- Added lint middleware
- Added rest middleware
- Added ./package.json (npm install connect)
- Added
handleError()
support - Added
process.connectEnv
- Added custom log format support to log middleware
- Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
- Added -w, --workers to bin/connect
- Added bin/connect support for --user NAME and --group NAME
- Fixed url re-writing support
- Initial release