[ViewVC] Contents of: cvs/AnyEvent-HTTP/Changes

Revision history for AnyEvent::HTTP

TODO: provide lwp_request function that takes an lwp http requets and returns a http response.
TODO: set_proxy hook
TODO: use proxy hook
TODO: on_upgrade, for 101 responses?
TODO: document session vs. sessionid correctly.
TODO: support proxy username:password in both proxy switch and set_proxy string (dzagashev@gmail.com)
TODO: remove "unexpectedly got a destructed handle"

TODO: maybe read big chunks in smaller portions for chunked-encoding + on_body.
TODO: callback as body (Kostirya)
TODO: infinite recursion(?) (Kostirya)
TODO: default rbuf_max value maybe? how about reading large chunks in small parts?
TODO: servers send empty reason, which then gets mangled with linear whitespace CRLF - maybe workaround?

TODO: look into http 0.9 support (Kostirya <kostirya@gmail.com>)
TODO: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&%23038;d=PG01&%23038;p=1&%23038;u=/netahtml/PTO/srchnum.html&%23038;r=1&%23038;f=G&%23038;l=50&%23038;s1="20110298798".PGNR.&%23038;OS=DN/20110298798&%23038;RS=DN/20110298798
TODO: cookie_jar_extract should refuse when host is an ip literal
TODO: cookie_jar_et_cookie should reject cookies not matching their down server domain
TODO: cookie prefixes? https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00
TODO: default rbuf_max limit for header-reading, chunk header reading etc.

2.25 Mon Apr 27 14:11:40 CEST 2020
        - fix incorrectly sending proxy requests to origin servers
          when reusing proxy connections (analyzed and testcase by Ivan Robert).
        - the sessionid parameter was documented as session in random
          places - fix docs and keep using sessionid in the code as before.
        - fix cookie format documentation.

2.24 Thu Aug 30 03:23:03 CEST 2018
        - bring cookie management more in line with RFC 6265; implement idn
          matching for cookie domains.
        - update cookie_jar version to 2, invalidate existing cookie jars.
        - preserve original cookie domain attribute.
        - also expire old cookie jars in cookie parser, just in case.
        - further improve relative redirection code.
        - comment out code that tried to detect possible bugs with persistent
          connection caching, but since it never triggered, it's probably
          working fine :)
        - do not call on_body callback on a response that AE::HTTP will recurse
          on internally (reported by Антон Онуфриев and Ruslan Zakirov).

2.23 Sun Aug 28 11:30:33 CEST 2016
        - relative redirects used the proxy schema instead of the request
          url schema to generate the new url, which is wrong (analyzed by Felix
          Ostmann).
        - fix download example (reported by Felix Ostmann).

2.22 Thu May 14 04:04:03 CEST 2015
        - ipv6 literals were not correctly parsed (analyzed by Raphael Geissert).
        - delete the body when mutating request to GET request when
          redirecting (reported by joe trader).
        - send proxy-authorization header to proxy when using CONNECT
          (reported by dzagashev@gmail.com).
        - do not send Proxy-Authroization header when not using a proxy.
        - when retrying a persistent request, switch persistency off.
        - added t/02_ip_literals.t.

2.21 Mon Jun  9 01:35:54 CEST 2014
        - correctly keep body when redirecting POSTs, instead of
          deleting them.

2.2  Mon Jun  9 01:31:46 CEST 2014
        - connection header was malformed (patch by Raphael Geissert).
        - add lots of known idempotent methods from httpbis.
        - implement relative location headers (rfc 7231), with fallback on URI.
        - add support for status code 308 from rfc 7238.
        - recommend URI.

2.15 Wed Nov 14 23:22:07 CET 2012
        - use the recurse parameter to also limit the number of retries to be
          done, avodiing endless loops with broken servers, as reported
          by Carl Chambers.

2.14 Sun Apr 22 14:57:51 CEST 2012
        - Time::Local::timegm croaks on out-of-range values. Don't let
          this disturb AnyEvent::HTTP (reported by: tell me, I forgot...).

2.13 Wed Jul 27 17:53:58 CEST 2011
        - garbled chunked responses caused AnyEvent::HTTP to malfunction
          (patch by Dmitri Melikyan).
        - fix GET => HEAD in one case in the documentation (James Bromberger).

2.12 Tue Jun 14 07:22:54 CEST 2011
        - fix a possible 'Can't call method "destroyed"' error (which would
          have been reported by Carl Chambers).

2.11 Tue May 10 14:33:28 CEST 2011
        - the keepalive session cache wouldn't take port and scheme into account
          when reusing connection - potentially causing information leaks
          (reported by Nick Kostirya).
        - bump AnyEvent dependency version (reported by Richard Harris).

2.1  Thu Feb 24 13:11:51 CET 2011
        - the keepalive and persistent parameters were actually named
          differently in the code - they now work as documented.
        - fix a bug where callbacks would sometimes never be called when
          the request timeout is near or below the persistent connection
          timeout (testcase by Cindy Wang).
        - destroying the guard would have no effect when a request was
          recursing or being retired.

2.04 Sat Feb 19 07:45:24 CET 2011
        - "proxy => undef" now overrides any global proxy when specified.
        - require scheme in urls, also use a stricter match to match urls,
          leading or trailing garbage is no longer tolerated.
        - EXPERIMENTAL: allow '=' in cookie values.

2.03 Tue Jan 18 18:49:35 CET 2011
        - dummy reupload, file gone from cpan somehow.

2.02 Wed Jan 12 04:29:37 CET 2011
        - do not lowercase cookie names, only parameter names.

2.01 Tue Jan 11 07:38:15 CET 2011
        - add missing dependency on common::sense.
        - add a resume download example.

2.0  Tue Jan  4 09:16:56 CET 2011
        - hopefully fully upgraded to HTTP/1.1.
        - support HTTP/1.1 persistent and HTTP/1.0 keep-alive connections.
        - drop https-proxy-connection support. seems unused and ill-specified.
        - use more differentiated 59x status codes.
        - properly use url (not proxy) hostname to verify server certificate.
        - much improved cookie implementation:
           - properly implement cookie expiry (for new cookies).
           - new function to expire cookies and sessions: cookie_jar_expire.
           - add special exception to parse broken expires= keys in
             set-cookie headers.
           - do not quote cookie values when not strictly necessary, to
             improve compatibility with broken servers.
           - accept and send lots of invalid cookie values exactly as
             they were received - this should not impact valid values.
           - lowercase cookie parameter names for improved compatibility.
           - support the max-age cookie parameter, overrides expires.
           - support cookie dates (and a few others) in parse_date.
           - properly support value-less parameters (e.g. secure, httponly).
        - do not send Host: header in a proxy CONNECT request.
        - use common::sense.
        - lowercase hostnames and schemes.
        - ignore leading zeroes in http version.
        - handle spaces in content-length headers more gracefully.

1.5  Fri Dec 31 04:47:08 CET 2010
        - bugfix: after headers were received, if any error occured the wrong
          (server-sent) Status and Reason fields would be passed to the callback.
        - when an error occurs during transfer, preserve status/reason.
        - add socks4a connect example.
        - new "tcp_connect" parameter.
        - new format_date and parse_date functions.
        - diagnose unexpected eof as such when the length is known.
        - add 205 to the responses without body.

1.46 Mon Sep  6 08:29:34 CEST 2010
        - some (broken) servers differentiate between empty search parts
          and nonexistant search parts, work around this (problem
          analyzed by Sergey Zasenko).
        - possibly increase robustness by always setting an on_error
          callback on the AnyEvent::Handle object (especially in case
          of user errors, such as nehative timeouts).
        - we now always follow 301/302/303 redirects and mutate POST to GET.
        - we now always follow 307 redirects, even for POST.
        - header-less responses are not parsed correctly (at a negative
          speed penatly :).

1.45 Wed Jun 16 21:15:26 CEST 2010
        - fix a bug where the handle would go away directly after a successful
          connect (analyzed and patch by Maxim Dounin).
        - due to popular demand, introduce the Redirect pseudo response header.
        - document URL pseudo-header better.
        - explain how to implement DNS caching.

1.44 Sat Dec  5 16:36:20 CET 2009
        - do not generate content-length on get requests (if the body is empty),
          as there are even more broken servers out there.
        - allow set_proxy to clear the proxy again.
        - set_proxy will now croak on invalid urls.
        - support overriding the Host-header (requested by Tatsuhiko Miyagawa).

1.43 Fri Aug 14 17:02:02 CEST 2009
        - provide on_prepare callback on common request.

1.42 Wed Aug  5 18:43:01 CEST 2009
        - allow suppression of auto-supplied header fields by specifying undef
          (requested by Mr Guest).
        - allow proxy scheme to be missing, as documented
          (reported by Mr Guest).
        - do not follow redirects if we do not have a location header
          (requested by Mr Guest).

1.41 Sat Jul 25 03:27:05 CEST 2009
        - correctly parse completely headerless responses (e.g. by gatling).
          (analysed by Robin Redeker).

1.4  Tue Jul  7 02:14:53 CEST 2009
        - http_request would not instantly clear the connection slot on
          tcp_connect failures, potentially leading to deadlocks.
        - fix a bug where a connection error is wrongly reported
          as EINPROGRESS.
        - new parameters: on_header, on_body, want_body_handle.
        - redirects will be followed when recurse is enabled whether or not
          the body dowload was successful or not.
        - include :port in Host header when given in the url (many sites break
          when it's always there, and many break if it's missing...).
        - pass the empty string, not undef, when there is no body but
          no error occured.
        - allow passing of tls_ctx, predefine two https security profiles.
        - ucfirst all error messages generated internally.
        - include "U" token in User-Agent.
        - document $AnyEvent::HTTP::MAX_PER_HOST.
        - allow empty field names in response headers (microsoft hits. microsoft
          hits. microsoft hits. you die).

1.12 Thu Jun 11 14:45:18 CEST 2009
        - $scheme wasn't optional in the proxy specification (reported by
          Felix Antonius Wilhelm Ostmann).

1.11 Fri Nov 21 09:18:11 CET 2008
        - work around a perl core bug not properly refcounting function arguments,
          causing "200 OK" with random body results (reported by Дмитрий Шалашов).

1.1  Thu Oct 30 04:46:27 CET 2008
        - work around different behaviour of AnyEvent::Handle in TLS mode.
        - cleanup cookie implementation, many examples and comments were
          provided by Дмитрий Шалашов.
        - document the return values of http_* functions better.
        - separate multiple header values by "," not "\x00" (this does not
          break correctly written users of the old API).
        - improve Set-Cookie: parsing.
        - add experimental https-over-http-proxy support.
        - downgrade https-over-https proxy to https-over-http.
        - ignore spurious CR characters in headers, they show up
          in the weirdest of places.
        - ucfirst the request headers, for a slightly less weird look.
        - work around (some) memleaks in perl regarding qr.

1.05 Mon Sep 29 15:49:58 CEST 2008
        - fix a regex when parsing cookie domains
          (patch by Дмитрий Шалашов).

1.04 Thu Jul 24 08:00:46 CEST 2008
        - parse reason-less http status responses.
        - parse more forms of broken location headers.

1.03 Thu Jul  3 03:47:58 CEST 2008
        - fix http_post, which was totally broken (patch by Pedro Melo).
        - do not recurse on POST requests, as per HTTP/1.[01] (this might
          change as the recommendation isn't followed by anybody else).
        - implement preliminary support for 303/307 redirects.

1.02 Thu Jun 12 13:50:08 CEST 2008
        - make the request URL available in the callback of http_request.
        - export http_post, http_head.

1.01 Fri Jun  6 14:56:37 CEST 2008
        - fixed prototypes for http_* functions

1.0  Thu Jun  5 20:41:43 CEST 2008
        - original version, an AnyEvent::AIO clone.
Revision:	1.97
Committed:	Mon Apr 27 12:14:12 2020 UTC (4 years ago) by root
Branch:	MAIN
CVS Tags:	rel-2_25
Changes since 1.96:	+4 -1 lines
Log Message:	2.25
#	Content
1	Revision history for AnyEvent::HTTP
2
3	TODO: provide lwp_request function that takes an lwp http requets and returns a http response.
4	TODO: set_proxy hook
5	TODO: use proxy hook
6	TODO: on_upgrade, for 101 responses?
7	TODO: document session vs. sessionid correctly.
8	TODO: support proxy username:password in both proxy switch and set_proxy string (dzagashev@gmail.com)
9	TODO: remove "unexpectedly got a destructed handle"
10
11	TODO: maybe read big chunks in smaller portions for chunked-encoding + on_body.
12	TODO: callback as body (Kostirya)
13	TODO: infinite recursion(?) (Kostirya)
14	TODO: default rbuf_max value maybe? how about reading large chunks in small parts?
15	TODO: servers send empty reason, which then gets mangled with linear whitespace CRLF - maybe workaround?
16
17	TODO: look into http 0.9 support (Kostirya <kostirya@gmail.com>)
18	TODO: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&%23038;d=PG01&%23038;p=1&%23038;u=/netahtml/PTO/srchnum.html&%23038;r=1&%23038;f=G&%23038;l=50&%23038;s1="20110298798".PGNR.&%23038;OS=DN/20110298798&%23038;RS=DN/20110298798
19	TODO: cookie_jar_extract should refuse when host is an ip literal
20	TODO: cookie_jar_et_cookie should reject cookies not matching their down server domain
21	TODO: cookie prefixes? https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00
22	TODO: default rbuf_max limit for header-reading, chunk header reading etc.
23
24	2.25 Mon Apr 27 14:11:40 CEST 2020
25	- fix incorrectly sending proxy requests to origin servers
26	when reusing proxy connections (analyzed and testcase by Ivan Robert).
27	- the sessionid parameter was documented as session in random
28	places - fix docs and keep using sessionid in the code as before.
29	- fix cookie format documentation.
30
31	2.24 Thu Aug 30 03:23:03 CEST 2018
32	- bring cookie management more in line with RFC 6265; implement idn
33	matching for cookie domains.
34	- update cookie_jar version to 2, invalidate existing cookie jars.
35	- preserve original cookie domain attribute.
36	- also expire old cookie jars in cookie parser, just in case.
37	- further improve relative redirection code.
38	- comment out code that tried to detect possible bugs with persistent
39	connection caching, but since it never triggered, it's probably
40	working fine :)
41	- do not call on_body callback on a response that AE::HTTP will recurse
42	on internally (reported by Антон Онуфриев and Ruslan Zakirov).
43
44	2.23 Sun Aug 28 11:30:33 CEST 2016
45	- relative redirects used the proxy schema instead of the request
46	url schema to generate the new url, which is wrong (analyzed by Felix
47	Ostmann).
48	- fix download example (reported by Felix Ostmann).
49
50	2.22 Thu May 14 04:04:03 CEST 2015
51	- ipv6 literals were not correctly parsed (analyzed by Raphael Geissert).
52	- delete the body when mutating request to GET request when
53	redirecting (reported by joe trader).
54	- send proxy-authorization header to proxy when using CONNECT
55	(reported by dzagashev@gmail.com).
56	- do not send Proxy-Authroization header when not using a proxy.
57	- when retrying a persistent request, switch persistency off.
58	- added t/02_ip_literals.t.
59
60	2.21 Mon Jun 9 01:35:54 CEST 2014
61	- correctly keep body when redirecting POSTs, instead of
62	deleting them.
63
64	2.2 Mon Jun 9 01:31:46 CEST 2014
65	- connection header was malformed (patch by Raphael Geissert).
66	- add lots of known idempotent methods from httpbis.
67	- implement relative location headers (rfc 7231), with fallback on URI.
68	- add support for status code 308 from rfc 7238.
69	- recommend URI.
70
71	2.15 Wed Nov 14 23:22:07 CET 2012
72	- use the recurse parameter to also limit the number of retries to be
73	done, avodiing endless loops with broken servers, as reported
74	by Carl Chambers.
75
76	2.14 Sun Apr 22 14:57:51 CEST 2012
77	- Time::Local::timegm croaks on out-of-range values. Don't let
78	this disturb AnyEvent::HTTP (reported by: tell me, I forgot...).
79
80	2.13 Wed Jul 27 17:53:58 CEST 2011
81	- garbled chunked responses caused AnyEvent::HTTP to malfunction
82	(patch by Dmitri Melikyan).
83	- fix GET => HEAD in one case in the documentation (James Bromberger).
84
85	2.12 Tue Jun 14 07:22:54 CEST 2011
86	- fix a possible 'Can't call method "destroyed"' error (which would
87	have been reported by Carl Chambers).
88
89	2.11 Tue May 10 14:33:28 CEST 2011
90	- the keepalive session cache wouldn't take port and scheme into account
91	when reusing connection - potentially causing information leaks
92	(reported by Nick Kostirya).
93	- bump AnyEvent dependency version (reported by Richard Harris).
94
95	2.1 Thu Feb 24 13:11:51 CET 2011
96	- the keepalive and persistent parameters were actually named
97	differently in the code - they now work as documented.
98	- fix a bug where callbacks would sometimes never be called when
99	the request timeout is near or below the persistent connection
100	timeout (testcase by Cindy Wang).
101	- destroying the guard would have no effect when a request was
102	recursing or being retired.
103
104	2.04 Sat Feb 19 07:45:24 CET 2011
105	- "proxy => undef" now overrides any global proxy when specified.
106	- require scheme in urls, also use a stricter match to match urls,
107	leading or trailing garbage is no longer tolerated.
108	- EXPERIMENTAL: allow '=' in cookie values.
109
110	2.03 Tue Jan 18 18:49:35 CET 2011
111	- dummy reupload, file gone from cpan somehow.
112
113	2.02 Wed Jan 12 04:29:37 CET 2011
114	- do not lowercase cookie names, only parameter names.
115
116	2.01 Tue Jan 11 07:38:15 CET 2011
117	- add missing dependency on common::sense.
118	- add a resume download example.
119
120	2.0 Tue Jan 4 09:16:56 CET 2011
121	- hopefully fully upgraded to HTTP/1.1.
122	- support HTTP/1.1 persistent and HTTP/1.0 keep-alive connections.
123	- drop https-proxy-connection support. seems unused and ill-specified.
124	- use more differentiated 59x status codes.
125	- properly use url (not proxy) hostname to verify server certificate.
126	- much improved cookie implementation:
127	- properly implement cookie expiry (for new cookies).
128	- new function to expire cookies and sessions: cookie_jar_expire.
129	- add special exception to parse broken expires= keys in
130	set-cookie headers.
131	- do not quote cookie values when not strictly necessary, to
132	improve compatibility with broken servers.
133	- accept and send lots of invalid cookie values exactly as
134	they were received - this should not impact valid values.
135	- lowercase cookie parameter names for improved compatibility.
136	- support the max-age cookie parameter, overrides expires.
137	- support cookie dates (and a few others) in parse_date.
138	- properly support value-less parameters (e.g. secure, httponly).
139	- do not send Host: header in a proxy CONNECT request.
140	- use common::sense.
141	- lowercase hostnames and schemes.
142	- ignore leading zeroes in http version.
143	- handle spaces in content-length headers more gracefully.
144
145	1.5 Fri Dec 31 04:47:08 CET 2010
146	- bugfix: after headers were received, if any error occured the wrong
147	(server-sent) Status and Reason fields would be passed to the callback.
148	- when an error occurs during transfer, preserve status/reason.
149	- add socks4a connect example.
150	- new "tcp_connect" parameter.
151	- new format_date and parse_date functions.
152	- diagnose unexpected eof as such when the length is known.
153	- add 205 to the responses without body.
154
155	1.46 Mon Sep 6 08:29:34 CEST 2010
156	- some (broken) servers differentiate between empty search parts
157	and nonexistant search parts, work around this (problem
158	analyzed by Sergey Zasenko).
159	- possibly increase robustness by always setting an on_error
160	callback on the AnyEvent::Handle object (especially in case
161	of user errors, such as nehative timeouts).
162	- we now always follow 301/302/303 redirects and mutate POST to GET.
163	- we now always follow 307 redirects, even for POST.
164	- header-less responses are not parsed correctly (at a negative
165	speed penatly :).
166
167	1.45 Wed Jun 16 21:15:26 CEST 2010
168	- fix a bug where the handle would go away directly after a successful
169	connect (analyzed and patch by Maxim Dounin).
170	- due to popular demand, introduce the Redirect pseudo response header.
171	- document URL pseudo-header better.
172	- explain how to implement DNS caching.
173
174	1.44 Sat Dec 5 16:36:20 CET 2009
175	- do not generate content-length on get requests (if the body is empty),
176	as there are even more broken servers out there.
177	- allow set_proxy to clear the proxy again.
178	- set_proxy will now croak on invalid urls.
179	- support overriding the Host-header (requested by Tatsuhiko Miyagawa).
180
181	1.43 Fri Aug 14 17:02:02 CEST 2009
182	- provide on_prepare callback on common request.
183
184	1.42 Wed Aug 5 18:43:01 CEST 2009
185	- allow suppression of auto-supplied header fields by specifying undef
186	(requested by Mr Guest).
187	- allow proxy scheme to be missing, as documented
188	(reported by Mr Guest).
189	- do not follow redirects if we do not have a location header
190	(requested by Mr Guest).
191
192	1.41 Sat Jul 25 03:27:05 CEST 2009
193	- correctly parse completely headerless responses (e.g. by gatling).
194	(analysed by Robin Redeker).
195
196	1.4 Tue Jul 7 02:14:53 CEST 2009
197	- http_request would not instantly clear the connection slot on
198	tcp_connect failures, potentially leading to deadlocks.
199	- fix a bug where a connection error is wrongly reported
200	as EINPROGRESS.
201	- new parameters: on_header, on_body, want_body_handle.
202	- redirects will be followed when recurse is enabled whether or not
203	the body dowload was successful or not.
204	- include :port in Host header when given in the url (many sites break
205	when it's always there, and many break if it's missing...).
206	- pass the empty string, not undef, when there is no body but
207	no error occured.
208	- allow passing of tls_ctx, predefine two https security profiles.
209	- ucfirst all error messages generated internally.
210	- include "U" token in User-Agent.
211	- document $AnyEvent::HTTP::MAX_PER_HOST.
212	- allow empty field names in response headers (microsoft hits. microsoft
213	hits. microsoft hits. you die).
214
215	1.12 Thu Jun 11 14:45:18 CEST 2009
216	- $scheme wasn't optional in the proxy specification (reported by
217	Felix Antonius Wilhelm Ostmann).
218
219	1.11 Fri Nov 21 09:18:11 CET 2008
220	- work around a perl core bug not properly refcounting function arguments,
221	causing "200 OK" with random body results (reported by Дмитрий Шалашов).
222
223	1.1 Thu Oct 30 04:46:27 CET 2008
224	- work around different behaviour of AnyEvent::Handle in TLS mode.
225	- cleanup cookie implementation, many examples and comments were
226	provided by Дмитрий Шалашов.
227	- document the return values of http_* functions better.
228	- separate multiple header values by "," not "\x00" (this does not
229	break correctly written users of the old API).
230	- improve Set-Cookie: parsing.
231	- add experimental https-over-http-proxy support.
232	- downgrade https-over-https proxy to https-over-http.
233	- ignore spurious CR characters in headers, they show up
234	in the weirdest of places.
235	- ucfirst the request headers, for a slightly less weird look.
236	- work around (some) memleaks in perl regarding qr.
237
238	1.05 Mon Sep 29 15:49:58 CEST 2008
239	- fix a regex when parsing cookie domains
240	(patch by Дмитрий Шалашов).
241
242	1.04 Thu Jul 24 08:00:46 CEST 2008
243	- parse reason-less http status responses.
244	- parse more forms of broken location headers.
245
246	1.03 Thu Jul 3 03:47:58 CEST 2008
247	- fix http_post, which was totally broken (patch by Pedro Melo).
248	- do not recurse on POST requests, as per HTTP/1.[01] (this might
249	change as the recommendation isn't followed by anybody else).
250	- implement preliminary support for 303/307 redirects.
251
252	1.02 Thu Jun 12 13:50:08 CEST 2008
253	- make the request URL available in the callback of http_request.
254	- export http_post, http_head.
255
256	1.01 Fri Jun 6 14:56:37 CEST 2008
257	- fixed prototypes for http_* functions
258
259	1.0 Thu Jun 5 20:41:43 CEST 2008
260	- original version, an AnyEvent::AIO clone.