Changelog
Added
provide request info as a HAR file if flat/collect-request-info is enabled
Fixed
More helpful error message for misspelled type names in Swagger schemas
don't leak Authorization in FLAT::getRequestInfo()
fixed a mixup of JSON DOM representation styles
Added
Fixed
set-env now does not produce unnecessary quotes for numeric values
Problem in the split() function, if called with a string containing an ampersand
Send Vary: Origin response headers for non-preflight requests if CORS is enabled but Origin was not sent
Added
The scope-claim and post-check-flow properties
Specifying the required token scope
Merging directives into php.ini via environment variables
Fixed
Path parameters were not usable in error flows
Added
FLAT_DEBUG_ALLOW_HEADER to enable debugging using the Debug request header, defaults to false
The request option force-cache-refresh
The cacheHit property in the upstream response information ($upstream)
Fixed
Empty objects are no longer logged as empty arrays.
The json-to-csv() function allows null values in array entry objects.
Changed
The log action can no longer override system log fields.
Added
Beta image now publicly available. More about Docker images…
Warnings in debug log about invalid Swagger definitions
The error action
additional configuration options for the PHP-FPM process management
out-header property for easy JWT forwarding
Fixed
Calls to the content() function affecting the result of the body() function
Added
Swagger security requirements can now also be specified at the path level.
x-flat-proxy to configure proxies without a flow
Enhanced proxy-request action with origin, query, stripEndpoint and addPrefix properties
Fixed
If a client URL path is below the API base path, does not match any defined route, and a path is defined which equals the API base path, so that a matching client URL path is the concatenation of the API base path with itself (e.g. /api/api if the basePath is /api), the fallback flow is now properly executed.
Some PEM formatted keys could not be recognized during JWT processing.
Multi-line values for environment variables are now supported.
Changed
If the definition request option is given with either a proxy-request action or x-flat-proxy, the defaults for the exit-on-error, validate-request and validate-response request options are changed to true.
Added
The FLAT revision is shown when FLAT is started and is available in $env/FLAT_REVISION
Changed
Enhanced flat_access log with new fields
Fixed
When testing multiple test files with flat test, each test now tests its own response.
Fatal errors when using certain combinations of jwt-decode() and <eval/>
Fixed
Environment variables are shown in the debug log if the debug topic is env
With activated upstream validation, a missing definition option or a definition value referencing a non-existent resource now results in a 500 response with a proper error message.
Swagger security scheme objects without x-flat-jwt are ignored for security checks.
Added
Changed
set-response-headers action now accepts the empty object {}
Reading swagger.yaml is faster because of caching
Added
Validation for application/x-www-form-urlencoded encoded formData parameters
The proxy-request action
The functions verify-xmldsig() and decrypt-xml().
Fixed
Parameter handling of the functions decrypt() and calc-signature().
Changed
Padding scheme for encrypt() and decrypt() to RSAES-OAEP.
Relative paths in the json-doc() function are resolved relative to the flow file's path.
Added
The Swagger extension x-flat-validate is now also recognized below paths/<path> and paths/<path>/<operation>.
The force-cache-ttl request option
Changed
Only allow operations defined in OpenAPI version 2.0 to be used in the swagger.yaml
Fixed
The default value for the use-http-cache request option is now false, even if no request options are configured.
Segmentation fault (or double free) when eval is used to assign nodes from a node-set variable to another variable
Added
The functions apply-codecs(), encrypt(), decrypt(), calc-signature() and verify-signature()
The function file-exists()
The $error variable is set and exit-on-error/error flow handling is triggered if a request error occurs
More environment variables for system configuration and tuning
If a path in swagger.yaml ends with /**, this entry matches the given path as well as arbitrary paths below it.
Changed
Swagger validation now gracefully accepts empty objects in the definition.
Logging of template results for more flow actions
Fixed
Some alert messages were logged twice
Evaluating an undefined or null variable, as a string, now returns the empty string instead of the string null
Incorrect default content-type text/xml for request bodies
The set-response-headers action now replaces Cache-Control headers instead of merging them
The serve action now correctly handles whitespace and other URL-Encoded characters in the name of the fallback-doc
Added
Swagger definition supports discriminator, JSON schema $id references and JSON schema propertyNames
The array-reverse() and sort(), xml-parse() and html-parse() functions
Validation of the request, requests and set-response-headers action JSON bodies
The expected result in an assert action's assertion can now be null
The log action, the get-log() function
Changed
Fixed
The report-only validation modes
The exit-on-error, mock and validate request options also for XML-configured requests
Relative paths for e.g. in with copy in backend-flows
Added
The $error variable containing error information for client request/response validation errors
The error flow, called if an error occurs, and referenced by flow in x-flat-error in the swagger.yaml
The exit-on-error request option (for JSON-configured requests) to trigger the error flow
An additional parameter algorithm for the jwt-decode() function to limit the acceptable signing algorithms. Mandatory for RSASSA based signatures
The contains and pattern compare flags for the assert action
The flat test Framework with assert, test-request, backend-flow and set-env actions
The json-stringify() and json-parse() functions
Changed
The default User-Agent for upstream requests is FLAT
Unless terminate="false" is set, the serve action will terminate the flow
For the request action: values in headers may now also be numeric or boolean
If the signature cannot be created, the jwt-encode() function returns an empty string and an error message is logged
The key for the jwt-encode() and jwt-decode() functions must not be empty
HTML error page only if HTML is accepted; plain text otherwise
Fixed
Fatal error when creating requests with null query parameter
Fatal error when creating requests with invalid body source
Requests are now rejected if upstream validation is enabled, but no definition option is configured or the given definition is not found
The results of the split() function can now be used as input for join() or fit-serialize()