-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
12.0.0. Release Notes #2985
Comments
This release note is of exceptional quality! #highfive |
+1 Leaving behind a link to these release notes on the releases page would be pretty useful. |
Thanks for the update and these great release notes. |
good job, will be updating to this one soon |
The code here for qs-style querystring parsing seems to clobber the router's const Url = require('url');
const Qs = require('qs');
const onRequest = function (request, reply) {
const uri = request.raw.req.url;
const parsed = Url.parse(uri, false);
request.setUrl(Object.assign({}, request.url, {
query: Qs.parse(parsed.query)
}));
return reply.continue();
};
server.ext('onRequest', onRequest); CC @hueniverse @nlf in case you'd like to update the release notes. |
Summary
hapi v12.0.0 is a small release focused on removing the framework dependency on the qs module. qs is a URL query string parser with special support for representing complex structures in a simple key=value format. Normally, the query
a[b]=1
will parse into the object{ "a[b]": "1" }
, however when passed through the qs module it results in{ a: { b: "1" } }
. This release removes this feature and reverts it back to simple query string parsing support as well as similar functionality when parsing form-encoded payloads and multipart form submissions (field names). Additional changes include supporting more complex authentication scopes and a minor change toserver.inject()
.Sponsor
The v12.0.0 major release is sponsored by Sideway.
Breaking Changes
query.qs
configuration option.payload.qs
configuration option.parserOptions
argument from therequest.setUrl()
method.!
or+
as those prefix characters now have a special meaning.request.route
(the route public interface)settings.auth
changed to movescope
andentity
inside a newaccess
array.server.inject()
, any HTTP trailers are no longer included inres.headers
but instead are provided underres.trailers
to be consistent with node.request.session
andrequest.auth.session
placeholders (was set tonull
before).New Features
parse()
) torequest.setUrl()
.pendingGenerateTimeout
cache option for reducing calls to the generate method while another is already pending.Promise
when acallback
is not provided.request.info.cors.isOriginMatch
.request.auth
object in validation context.Bug fixes
server.auth.default()
request.raw.res.end()
from being called twice.Updated dependencies
Migration Checklist
qs
You don't have to change anything if you are not using the special qs format in:
?
and the#
).There are a few easy ways of identifying if you are expecting this special format:
[]
characters (as well as.
if you enable that custom feature of qs).qs
configuration options or you pass a third argument torequest.setUrl()
.{ a: { b: 1 } }
). If this is set on a payload rule, check if you expect form-encoded submissions to that endpoint along with normal JSON.Checklist:
Check out the new hapi-qs plugin which incorporates the code below into a simple plugin form. If you prefer to use custom code, apply the code snippets below.
If you want to parse qs formatted query strings, add this to your server code:
If you previously used the
connection.query.qs
configuration option, pass that setting to theQs.parse()
method above.If you want to parse qs formatted field names in payloads, add this to your server code:
If you previously used the
route.payload.qs
configuration option, pass that setting to theQs.parse()
method above.Note that these code examples are based on simple setups and may require adjustments for your environment.
Authentication scope and entity changes
While the existing route authentication configuration is still supported (for the time being), the
scope
andentity
keys moved fromconfig.auth
toconfig.auth.access
. For example:Should now be expressed as:
The
access
config can now take an array of objects, each providing a different combination of entity and scopes. This is useful if you want to require a different scope for application accounts from user accounts.The
scope
config now supports two special prefix characters:+
for required scope strings and!
for forbidden scope strings. For example, the scope['!a', '+b', 'c', 'd']
means the incoming request credentials' scope must not include 'a', must include 'b', and must include one of 'c' or 'd'.Checklist:
scope
configs in your code and make sure you do not use+
or!
in your strings.entity
andscope
includeaccess
to prepare for future changes (nor required at this point).request.route
,server.handler()
,server.lookup()
,server.match()
, orserver.on('route')
, and you access thescope
orentity
settings, look for them underaccess.scope
andaccess.entity
.Misc
res.headers
when usingserver.inject()
, userres.trailers
instead. The hapi-auth-hawk module uses trailers but this change only affects the module tests.request.session
orrequest.auth.session
for equality tonull
, test forundefined
instead as they are no longer initialized tonull
. This is only likely if you wrote your own session manager (instead of using hapi-auth-cookie or yar.The text was updated successfully, but these errors were encountered: