Change the internal representation of Origin to be more allocator
friendly. The internals of the Origin header are now private to allow
changing them in the future.
BREAKING CHANGES:
- Old code that accesses the Origin struct directly will stop working.
Change the internal implementation of some simple headers to make them
more allocator friendly. Also add a constructor method to allow changing
the implementation in the future again.
The headers are:
- Location
- Referrer
- Server
- UserAgent
This change was suggested in [#1104].
BREAKING CHANGES:
- Old code that creates the header structs directly will stop working.
- It's not possible to implement DerefMut for a Cow<'static,str>. Code
that needs to modify header after creation will stop working.
BREAKING CHANGE: The `Url` type is no longer used. Any instance in the
`Client` API has had it replaced with `hyper::Uri`.
This also means `Error::Uri` has changed types to
`hyper::error::UriError`.
The type `hyper::header::parsing::HTTP_VALUE` has been made private,
as an implementation detail. The function `http_percent_encoding`
should be used instead.
1. index out of bounds if semicolon is the last character
2. not a char boundary on non-ASCII input (only allow ASCII now)
Bugs found using `cargo fuzz`
BREAKING CHANGE: The `Preference` header had a typo in a variant and it's string representation,
change `Preference::HandlingLeniant` to `Preference::HandlingLenient`.
Newlines in header values will now be replaced with spaces when being
written to strings or to sockets. This prevents headers that are built
from user data to smuggle unintended headers or requests/responses.
Thanks to @skylerberg for the responsible reporting of this issue, and
helping to keep us all safe!
BREAKING CHANGE: This technically will cause code that a calls
`SetCookie.fmt_header` to panic, as it is no longer to properly write
that method. Most people should not be doing this at all, and all
other ways of printing headers should work just fine.
The breaking change must occur in a patch version because of the
security nature of the fix.
This allows us to improve the performance. For now, a Cow is used
internally, so clients can set the host to a static value and no longer
need copies.
Later, we can change it to also possibly have a MemSlice.
BREAKING CHANGE: The fields of the `Host` header are no longer
available. Use the getter methods instead.
This removes the cookie crate, since it has an optional dependency on
openssl, which can cause massive breakage if toggled on. Instead, the
`Cookie` and `SetCookie` headers now just use a `String`. Anyone can
create any typed header, so it is easy to plug in different
implementations.
BREAKING CHANGE: The `Cookie` and `SetCookie` headers no longer use the
cookie crate. New headers can be written for any header, or the ones
provided in hyper can be accessed as strings.
There are many changes involved with this, but let's just talk about
user-facing changes.
- Creating a `Client` and `Server` now needs a Tokio `Core` event loop
to attach to.
- `Request` and `Response` both no longer implement the
`std::io::{Read,Write}` traits, but instead represent their bodies as a
`futures::Stream` of items, where each item is a `Chunk`.
- The `Client.request` method now takes a `Request`, instead of being
used as a builder, and returns a `Future` that resolves to `Response`.
- The `Handler` trait for servers is no more, and instead the Tokio
`Service` trait is used. This allows interoperability with generic
middleware.
BREAKING CHANGE: A big sweeping set of breaking changes.
Support for strict-origin and strict-origin-when-cross-origin in referer
policy required for imporving network security. This commit will attempt
to add missing pieces of referrer policy.
Closes#891
BREAKING CHANGE: `Headers.remove()` used to return a `bool`,
it now returns `Option<H>`. To determine if a a header exists,
switch to `Headers.has()`.
The Raw type repesents the raw bytes of a header-value.
Having a special type allows a couple of benefits:
- The exact representation has become private, allowing "uglier"
internals. Specifically, since the common case is for a header to only
have 1 line of bytes, an enum is used to skip allocating a Vec for only
1 line. Additionally, a Cow<'static, [u8]> is used, so static bytes
don't require a copy. Finally, since we can use static bytes, when
parsing, we can compare the incoming bytes against a couple of the most
common header-values, and possibly remove another copy.
- As its own type, the `Headers.set_raw` method can be generic over
`Into<Raw>`, which allows for more ergnomic method calls.
BREAKING CHANGE: `Header::parse_header` now receives `&Raw`, instead of
a `&[Vec<u8>]`. `Raw` provides several methods to ease using it, but
may require some changes to existing code.
