The following dependencies were updated:
* `criterion` from 0.3 to 0.4
* `deadpool-redis` from 0.10 to 0.11
* `normpath` from 0.3 to 1
* `cookie` from 0.16 to 0.17
Adds an `ip_header` configuration parameter that allows modifying the
header Rocket attempts to use to retrieve the "real IP" address of the
client via `Request` methods like `client_ip()`. Additionally allows
disabling the use of any such header.
The core improvement is that `Rocket::launch()` now resolves to
`Ok(Rocket<Ignite>)` on nominal shutdown. Furthermore, shutdown never
terminates the running process.
Other changes directly related to shutdown:
* Runtime worker thread names are now irrelevant to graceful shutdown.
* `ErrorKind::Runtime` was removed; `ErrorKind::Shutdown` was added.
* The `force` config value is only read from the default provider.
* If `force`, Rocket's constructed async runtime is terminated.
Other related changes:
* The exported `hyper` module docs properly reflect public re-exports.
The previous implementation allowed a trivial DoS attack in which the
client need simply maintain open connections with incomplete handshakes.
This commit resolves that by allowing a server worker to progress as
soon as a TCP connection has been established. This comes at the expense
of a more complex implementation necessitated by deficiencies in Hyper.
Potentially resolves#2118.
Also updates 'tokio-rustls' to a compatible version.
Additionally depends on 'rustls-pemfile' which includes functionality
that was previously part of 'rustls' itself.
This commit removes the 'CookieJar::get_private_pending()' method in
favor of the already existing and correct 'CookieJar::get_pending()'
method. Previously, the 'CookieJar::get_private_pending()' method
attempted to decrypt the value of a pending cookie, which in reality is
plaintext, thus failing. Because the pending value is plaintext, the
'CookieJar::get_pending()' method suffices.
Documentation has been updated to refer to 'CookieJar::get_pending()'.
Fixes#2063.