Releases: nette/http
Releases · nette/http
Released version 3.1.5
- SessionExtension: added values 'always' & 'never' for option 'autoStart'
- Session: option 'autoStart' controls auto start on reading or writing (BC break)
- Session: added
autoStart()to prevent session files from being created when the session id is spoofed - SessionSection:
remove()is not writing operation - SessionSection: added methods
set(),get(),remove() - Session: refactoring
- Session: cleaning is done in __destruct
- Session: don't send session cookie twice
- Session: don't regenerate ID in readAndClose mode
- Session: added events $onStart & $onBeforeWrite
- Session: fixed condition in
clean()
Released version 3.0.7
- SessionExtension: default is autoStart = false to avoid creating new session files if the session_id is spoofed (BC break)
- SessionSection: added methods
set(),get(),remove() - Session: don't send session cookie twice
- Session: don't regenerate ID in readAndClose mode
- Session: fixed condition in
clean()
Released version 3.1.2
Released version 3.0.6
- HttpExtension: added option 'disableNetteCookie' #205
- Session: fixed option 'readAndClose' #206
- Session: fixed condition in
destroy()(#204) - RequestFactory: urlFilters replaces only double // to single
- RequestFactory: strips trailing . from host
- Helpers: nette-samesite is resent at each request
- IResponse: added constants SAME_SITE_*
- ScriptUrl: Fix class extendability (#187) (#188)
Released version 3.1.1
Released version 3.1.0
- requires PHP 7.2
- Response::setCookie() default $sameSite is 'Lax' (BC break)
- Response::setCookie() prevents an inappropriate combination of path and domain
- Response: deprecated $cookieHttpOnly
- Request::getFile() accepts array of keys and returns FileUpload|null (BC break)
- FileUpload::getImageSize() returns only [x, y] values (BC break)
- UrlImmutable: added withQueryParameter()
- Url: silently deprecated getBasePath(), getBaseUrl(), getRelativeUrl()
- UserStorage is deprecated by Nette\Bridges\SecurityHttp\SessionStorage
Session & Cookies
- Session: default sameSite is 'Lax' (BC break)
- SessionExtension: option session.cookieSecure is deprecated, http.cookieSecure is used (BC break)
- SessionExtension: checks that cookieSamesite is Lax|Strict|None (BC break)
- SessionSection: can read data when session is closed
- Session: deprecated getCookieParameters() triggers E_USER_DEPRECATED
- HttpExtension: added options cookiePath & cookieDomain
- HttpExtension: cookieSecure is by default 'auto' (BC break)
- cookie
nette-samesiterenamed to_nss
Released version 2.4.12
compatible with PHP 8.0
Released version 3.0.5
- compatible with PHP 8.0
- FileUpload: added
getImageFileExtension() - FileUpload: added
getUntrustedName()as alias forgetName() - FileUpload::getSanitizedName: returns correct file extension for images
- FileUpload: fixed TypeError if
getimagesize()returns false (#184) - FileUpload::getSanitizedName: Remove redundant minus before dot. (#179)
- FileUpload::getSanitizedName: returns 'unknown' instead of empty string
- Helpers::
initCookie()sends cookie nette-samesite only if doesn't exist
For the details you can have a look at the diff.
Released version 3.0.4
Released version 3.0.3
- HttpExtension: added support for 'http:' in CSP
- Session: prevents warning Cannot change session cookie parameters when session is active
- Url::
parseQuery()accepts separator ; - IResponse: added REASON_PHRASES
- HttpExtension: 'proxy' can be string
For the details you can have a look at the diff.