gofiber/fiber (github.com/gofiber/fiber/v2)
### [`v2.50.0`](https://togithub.com/gofiber/fiber/releases/tag/v2.50.0)
[Compare Source](https://togithub.com/gofiber/fiber/compare/v2.49.2...v2.50.0)
#### โ Breaking Changes
- Change signatures of GetReqHeaders and GetRespHeaders ([#2650](https://togithub.com/gofiber/fiber/issues/2650))
> To allow single and list values under headers according to the [rfc standard](https://datatracker.ietf.org/doc/html/rfc9110#section-5.2)
```diff
- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string
```
```diff
- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string
```
#### ๐ฎ Security
Middleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)
https://docs.gofiber.io/api/middleware/csrf
๐ Improvements to the CSRF middleware:
- Added support for single-use tokens through the `SingleUseToken` configuration option.
- Optional integration with GoFiber session middleware through the `Session` and `SessionKey` configuration options.
- Introduction of origin checks for HTTPS connections to verify referer headers.
- Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without `Session`.
- Enhancement of error handling with more descriptive error messages.
- The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.
Thank you [@sixcolors](https://togithub.com/sixcolors)
#### ๐ New
- Cookie parser ([#2656](https://togithub.com/gofiber/fiber/issues/2656))
https://docs.gofiber.io/api/ctx#cookieparser
```go
// Field names should start with an uppercase letter
type Person struct {
Name string `cookie:"name"`
Age int `cookie:"age"`
Job bool `cookie:"job"`
}
// Example route
app.Get("/", func(c *fiber.Ctx) error {
p := new(Person)
// This method is similar to BodyParser, but for cookie parameters
if err := c.CookieParser(p); err != nil {
return err
}
log.Println(p.Name) // Joseph
log.Println(p.Age) // 23
log.Println(p.Job) // true
})
```
- Middleware/cors: Allow disabling caching in preflight requests ([#2649](https://togithub.com/gofiber/fiber/issues/2649))
https://docs.gofiber.io/api/middleware/cors#config
```go
// To disable caching completely, pass MaxAge value negative. It will set the Access-Control-Max-Age header 0.
app.Use(cors.New(cors.Config{MaxAge: -1}))
```
- Middleware/session: Add Reset method to Session struct in session middleware ([#2654](https://togithub.com/gofiber/fiber/issues/2654))
https://docs.gofiber.io/api/middleware/session#signatures
```go
// Provide more flexibility in session management, especially in scenarios like repeated user logins
func (s *Session) Reset() error
```
Example usage:
```go
// Initialize default config
// This stores all of your app's sessions
store := session.New()
app.Post("/login", func(c *fiber.Ctx) error {
// Get session from storage
sess, err := store.Get(c)
if err != nil {
panic(err)
}
// ... validate login ...
// Check if the session is fresh
if !sess.Fresh() {
// If the session is not fresh, reset it
if err := sess.Reset(); err != nil {
panic(err)
}
}
// Set new session data
sess.Set("user_id", user.ID)
// Save session
if err := sess.Save(); err != nil {
panic(err)
}
return c.SendString(fmt.Sprintf("Welcome %v", user.ID))
})
```
- Middleware/session: Add Delete method to Store struct in session middleware ([#2655](https://togithub.com/gofiber/fiber/issues/2655))
https://docs.gofiber.io/api/middleware/session#signatures
```go
// Provide more control over individual session management, especially in scenarios
// like administrator-enforced user logout or user-initiated logout from a specific device session
func (s *Store) Delete(id string) error
```
Example usage:
```go
app.Post("/admin/session/:id/logout", func(c *fiber.Ctx) error {
// Get session id from request
sessionID := c.Params("id")
// Delete the session
if err := store.Delete(sessionID); err != nil {
return c.Status(500).SendString(err.Error())
}
return c.SendString("Logout successful")
})
```
#### ๐งน Updates
- Middleware/filesystem: Improve status for SendFile ([#2664](https://togithub.com/gofiber/fiber/issues/2664))
- Middleware/filesystem: Set response code ([#2632](https://togithub.com/gofiber/fiber/issues/2632))
- Refactor Ctx.Method func to improve code readability ([#2647](https://togithub.com/gofiber/fiber/issues/2647))
#### ๐ ๏ธ Maintenance
- Fix loop variable captured by func literal ([#2660](https://togithub.com/gofiber/fiber/issues/2660))
- Run gofumpt and goimports ([#2662](https://togithub.com/gofiber/fiber/issues/2662))
- Use utils.AssertEqual instead of t.Fatal on some tests ([#2653](https://togithub.com/gofiber/fiber/issues/2653))
- Apply go fix ./... with latest version of go in repository ([#2661](https://togithub.com/gofiber/fiber/issues/2661))
- Bump github.com/valyala/fasthttp from 1.49.0 to 1.50.0 ([#2634](https://togithub.com/gofiber/fiber/issues/2634))
- Bump golang.org/x/sys from 0.12.0 to 0.13.0 ([#2665](https://togithub.com/gofiber/fiber/issues/2665))
#### ๐ Fixes
- Path checking on route naming ([#2676](https://togithub.com/gofiber/fiber/issues/2676))
- Incorrect log depth when use log.WithContext ([#2666](https://togithub.com/gofiber/fiber/issues/2666))
- Jsonp ignoring custom json encoder ([#2658](https://togithub.com/gofiber/fiber/issues/2658))
- PassLocalsToView when bind parameter is nil ([#2651](https://togithub.com/gofiber/fiber/issues/2651))
- Parse ips return invalid in abnormal case ([#2642](https://togithub.com/gofiber/fiber/issues/2642))
- Bug parse custom header ([#2638](https://togithub.com/gofiber/fiber/issues/2638))
- Middleware/adaptor: Reduce memory usage by replacing io.ReadAll() with io.Copy() ([#2637](https://togithub.com/gofiber/fiber/issues/2637))
- Middleware/idempotency: Nil pointer dereference issue on idempotency middleware ([#2668](https://togithub.com/gofiber/fiber/issues/2668))
#### ๐ Documentation
- Incorrect status code source ([#2667](https://togithub.com/gofiber/fiber/issues/2667))
- Middleware/requestid: Typo in requestid.md ([#2675](https://togithub.com/gofiber/fiber/issues/2675))
- Middleware/cors: Update docs to better explain AllowOriginsFunc ([#2652](https://togithub.com/gofiber/fiber/issues/2652))
**Full Changelog**: https://github.com/gofiber/fiber/compare/v2.49.2...v2.50.0
Thank you [@KaptinLin](https://togithub.com/KaptinLin), [@Skyenought](https://togithub.com/Skyenought), [@cuipeiyu](https://togithub.com/cuipeiyu), [@dairlair](https://togithub.com/dairlair), [@efectn](https://togithub.com/efectn), [@gaby](https://togithub.com/gaby), [@geerew](https://togithub.com/geerew), [@huykn](https://togithub.com/huykn), [@jimmyl02](https://togithub.com/jimmyl02), [@joey1123455](https://togithub.com/joey1123455), [@joshlarsen](https://togithub.com/joshlarsen), [@jscappini](https://togithub.com/jscappini), [@peczenyj](https://togithub.com/peczenyj) and [@sixcolors](https://togithub.com/sixcolors) for making this update possible.
Configuration
๐ Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
๐ Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v2.49.2
->v2.50.0
Release Notes
gofiber/fiber (github.com/gofiber/fiber/v2)
### [`v2.50.0`](https://togithub.com/gofiber/fiber/releases/tag/v2.50.0) [Compare Source](https://togithub.com/gofiber/fiber/compare/v2.49.2...v2.50.0) #### โ Breaking Changes - Change signatures of GetReqHeaders and GetRespHeaders ([#2650](https://togithub.com/gofiber/fiber/issues/2650)) > To allow single and list values under headers according to the [rfc standard](https://datatracker.ietf.org/doc/html/rfc9110#section-5.2) ```diff - func (c *Ctx) GetReqHeaders() map[string]string + func (c *Ctx) GetReqHeaders() map[string][]string ``` ```diff - func (c *Ctx) GetRespHeaders() map[string]string + func (c *Ctx) GetRespHeaders() map[string][]string ``` #### ๐ฎ SecurityMiddleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)
https://docs.gofiber.io/api/middleware/csrf ๐ Improvements to the CSRF middleware: - Added support for single-use tokens through the `SingleUseToken` configuration option. - Optional integration with GoFiber session middleware through the `Session` and `SessionKey` configuration options. - Introduction of origin checks for HTTPS connections to verify referer headers. - Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without `Session`. - Enhancement of error handling with more descriptive error messages. - The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security. Thank you [@sixcolors](https://togithub.com/sixcolors)Configuration
๐ Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
๐ Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.