Changes

• Important AuthenticationMiddleware bug fixes
• Added AUTH_DENIED support and

Full Changelog: v3.3.8...v3.3.10

Changes

• Bugfix in AsyncTCP lib: Rollback mathieucarbou/AsyncTCP#18 (assert failed: tcp_update_rcv_ann_wnd) by @mathieucarbou in mathieucarbou/AsyncTCP#24

Full Changelog: v3.3.7...v3.3.8

Changes

• Fixed memory leak in deprecated setAuthentication() method as reported in tbnobody/OpenDTU#2320

Full Changelog: v3.3.6...v3.3.7

Changes

• Small bug fixes

Full Changelog: v3.3.5...v3.3.6

BREAKING CHANGE

• Auth type enum moved globally: AsyncAuthType
• AuthenticationMiddleware.setPasswordIsHash() => AuthenticationMiddleware.setPasswordHash()

What's changed

• Complete rework of AuthenticationMiddleware... by @mathieucarbou in #113
• Added AuthenticationMiddleware.setPasswordHash .generateHash();
• Added AuthenticationMiddleware.setAuthFailureMessage()

Full Changelog: v3.3.4...v3.3.5

What's Changed

• add optional responce code to AsyncWebServerRequest::redirect() method by @vortigont in #110

Full Changelog: v3.3.3...v3.3.4

What's Changed

• Fix compilation issue with ArduinoJson 5 and 6 (closes #108) by @mathieucarbou in #109

Full Changelog: v3.3.2...v3.3.3

What's Changed

• Moved implementations in cpp files by @mathieucarbou in #106

Full Changelog: v3.3.1...v3.3.2

WARNING

THIS VERSION DOES NOT WORK WITH Arduino 5 and 6 (see: #108).
The bug is fixed in v3.3.3

What's Changed

• Fixed compilation warning on ESP8266 in 9e6cc52

Full Changelog: v3.3.0...v3.3.1

Breaking Changes

This PR brings a lot of new feature and bug fixes:

• Fixed method overloading for ESP8266
• Added support for request attributes
• Added support for middleware (aka Expressif Middleware): they can be added at server level (apply globally) or at handler level. They can act on the request and response and also decide if the processing continues or not (see examples)
• Added support to replace a response with another one (e.g. a middleware could discard a response sent by a handler to create a new one)

Potential breaking changes:

• Removed the "interesting headers" concept: all headers are now parsed. If you need to filter them out to only keep sone, you can use a middleware for that (see the examples)
• Do not use setAuthentication() => use a middleware instead!
• Do not use AsyncEventSource.authorizeConnect(...) => use a middleware instead!
• Authentication is not checked anymore in the body / upload handlers (ArUploadHandlerFunction and ArBodyHandlerFunction) because these handlers are called once or more during the request parsing phase and the middleware chain cannot be called at this time and cannot be called also several time. It will be called during the handleRequest at the end. If you need to verify some auth in these callbacks, just create a middleware and call the method AuthenticationMiddleware.allowed(request)

See migration guide: https://github.com/mathieucarbou/ESPAsyncWebServer?tab=readme-ov-file#migration-to-middleware-to-improve-performance-and-memory-usage

What's Changed

• Fix minor typos by @DRSDavidSoft in #96
• (feat) Add support for request attributes by @mathieucarbou in #100
• (perf) Remove "interesting headers" to fasten request processing (replaced with removeHeadersExcept) by @mathieucarbou in #101
• Support for replacing a response by a new one by @mathieucarbou in #103
• Fix method overload issue with ESP8266. ESP8266 has to use send_P() and beginResponse_p() variants by @mathieucarbou in #104
• Add support for Middleware by @mathieucarbou in #98

New Contributors

• @DRSDavidSoft made their first contribution in #96

Full Changelog: v3.2.4...v3.3.0