aboutsummaryrefslogtreecommitdiffstats
path: root/doc/src/guide/migrating_from_1.3.asciidoc
blob: aa7d26ba36298fd15089c3568ab8f0027a1d11e9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
[appendix]
== Migrating from Gun 1.3 to 2.0

Gun 2.0 includes state of the art tunnel support. With
Gun 2.0 it is possible to make request or data go through
any number of proxy endpoints using any combination of
TCP or TLS transports and HTTP/1.1, HTTP/2 or SOCKS5
protocols. All combinations of the scenario Proxy1 ->
Proxy2 -> Origin are tested and known to work.

Gun 2.0 adds many more features such as Websocket over
HTTP/2, a built-in cookie store, graceful shutdown, flow
control for data messages, event handlers and more.

Gun 2.0 greatly improves the HTTP/2 performance when it
comes to receiving large response bodies; and when receiving
response bodies from many separate requests concurrently.

Gun now shares much of its HTTP/2 code with Cowboy,
including the HTTP/2 state machine. Numerous issues were
fixed as a result because the Cowboy implementation was
much more advanced.

The Gun connection process is now implemented using `gen_statem`.

Gun 2.0 requires Erlang/OTP 22.0 or greater.

=== Features added

* Cookie store support has been added. The `cookie_store`
  option allows configuring the cookie store backend.
  The `gun_cookies` module provides functions to help
  implementing such a backend. Gun comes with the backend
  `gun_cookies_list` which provides a per-connection,
  non-persistent cookie store. The cookie store engine
  implements the entire RFC6265bis draft algorithms except
  the parts about non-HTTP cookies as no such interface is
  provided; and the parts about SameSite as Gun has no
  concept of "browsing context".

* Graceful shutdown has been implemented. Graceful shutdown
  can be initiated on the client side by calling the new
  function `gun:shutdown/1` or when the owner process goes
  away; or on the peer side via the connection: close HTTP/1.1
  header, the HTTP/2 GOAWAY frame or the Websocket close frame.
  Gun will try to complete existing streams when possible;
  other streams get canceled immediately. The `closing_timeout`
  option controls how long we are willing to wait at most
  before closing the connection.

* Flow control has been added. It allows limiting the number
  of data/Websocket messages Gun sends to the calling process.
  Gun will stop reading from the socket or stop updating the
  protocol's flow control window when applicable as well, to
  apply some backpressure to the remote endpoint(s). It is
  disabled by default and can be applied on a per-request
  basis if necessary.

* An event handler interface has been added providing access
  to many internal Gun events. This can be used for a variety
  of purposes including logging, tracing or otherwise
  instrumenting a Gun connection.

* In order to get separate events when connecting, the domain
  lookup, connection and TLS handshakes are now performed
  separately by Gun. As a result, there exists three separate
  timeout options for each of the steps, and the transport
  options had to be split into `tcp_opts` and `tls_opts`.

* Gun now supports connecting through SOCKS proxies,
  including secure SOCKS proxies. Both unauthenticated
  and username/password authentication are supported.

* Gun can connect through any number of HTTP, HTTPS, SOCKS
  or secure SOCKS proxies, including SOCKS proxies
  located after HTTP(S) proxies. The ultimate endpoint
  may be using any protocol, including plain TCP, TLS,
  HTTP/1.1 or HTTP/2.

* When specifying which protocols to use, options can
  now be provided specific to those protocols. It is
  now possible to have separate HTTP options for an
  HTTP proxy and the origin HTTP server, for example.
  See the new `gun:protocols()` type for details.

* Gun can now be used to send and receive raw data,
  as if it was just a normal socket. This can be
  useful when needing to connect through a number
  of HTTP/Socks proxies, allowing the use of Gun's
  great proxying capabilities (including TLS over TLS)
  for any sort of protocols. This can also be useful
  when performing HTTP/1.1 Upgrade to custom protocols.

* Headers can now be provided as a map.

* Header names may now be provided as binary, string or atom.

* Gun now automatically lowercases provided header names.

* Many HTTP/2 options have been added, allowing great
  control over how Gun and the remote endpoint are
  using the HTTP/2 connection. They can be used to
  improve performance or lower the memory usage, for
  example.

* It is now possible to send many Websocket frames in
  a single `gun:ws_send/2` call.

* Gun may now send Websocket ping frames automatically
  at intervals determined by the `keepalive` option. It
  is disabled by default.

* A new `silence_pings` option can be set to `false` to
  receive all ping and pong frames when using Websocket.
  They are typically not needed and therefore silent by
  default.

* The `reply_to` option has been added to `gun:ws_upgrade/4`.
  The option applies to both the response and subsequent
  Websocket frames.

* The `reply_to` option is also propagated to messages
  following a CONNECT request when the protocol requested
  is not HTTP.

* A new option `retry_fun` can be used to implement
  different backoff strategies when reconnecting.

* A new option `supervise` can be used to start a Gun
  connection without using Gun's supervisor. It defaults
  to `true`.

* Many improvements have been done to postpone or reject
  requests and other operations while in the wrong state
  (for example during state transitions when switching
  protocols or connecting to proxies).

* Update Cowlib to 2.10.0.

=== Features removed

* Gun used to reject operations by processes that were not
  the owner of the connection. This behavior has been removed.
  In general the caller of a request or other operation will
  receive the relevant messages unless the `reply_to` option
  is used.

* The `connect_destination()` option `protocol` has been
  removed. It was previously deprecated in favor of `protocols`.

* The `keepalive` timeout is now disabled by default
  for HTTP/1.1 and HTTP/2. To be perfectly clear, this
  is unrelated to the HTTP/1.1 keep-alive mechanism.

=== Functions added

* The function `gun:set_owner/2` has been added. It allows
  changing the owner of a connection process. Only the current
  owner can do this operation.

* The function `gun:shutdown/1` has been added. It initiates
  the graceful shutdown of the connection, followed by the
  termination of the Gun process.

* The function `gun:stream_info/2` has been added. It provides
  information about a specific HTTP stream.

=== Functions modified

* The function `gun:info/1` now returns the owner of the
  connection as well as the cookie store.

* The functions `gun:await/2,3,4`, `gun:await_body/2,3,4` and
  `gun:await_up/1,2,3` now distinguish the error types. They
  can be a timeout, a connection error, a stream error or a
  down error (when the Gun process exited while waiting).

* The functions `gun:await/2,3,4` will now receive upgrades,
  tunnel up and Websocket messages and return them.

* Requests may now include the `tunnel` option to send the
  request on a specific tunnel.

* The functions `gun:request/4,5,6` have been replaced with
  `gun:headers/4,5` and `gun:request/5,6`. This provides a
  cleaner separation between requests that are followed by
  a body and those that don't.

=== Messages added

* The `gun_tunnel_up` message has been added.

=== Messages modified

* The `gun_down` message no longer has its final element
  documented as `UnprocessedStreams`. It never worked and
  was always an empty list.

=== Bugs fixed

* *POTENTIAL SECURITY VULNERABILITY*: Fix transfer-encoding
  precedence over content-length in responses. This bug may
  contribute to a response smuggling security vulnerability
  when Gun is used inside a proxy.

* Gun will now better detect connection closes in some cases.

* Gun will no longer send duplicate connection-wide `gun_error`
  messages to the same process.

* Gun no longer crashes when trying to upgrade to Websocket
  over a connection restricted to HTTP/1.0.

* The default value for the preferred protocols when using
  CONNECT over TLS has been corrected. It was mistakenly not
  enabling HTTP/2.

* Protocol options provided for a tunnel destination were
  sometimes ignored. This should no longer be the case.

* Gun will no longer send an empty HTTP/2 DATA frame when
  there is no request body. It was not necessary.

* Gun will no longer error out when the owner process exits.
  The error reason will now be a `shutdown` tuple instead.

* The host header was set incorrectly during Websocket upgrades
  when the host was configured with an IP address, resulting
  in a crash. This has been corrected.

* A completed stream could be found in the `gun_down` message when
  the response contained a connection: close header. This is no
  longer the case.

* Hostnames can now be provided as atom as stated by the
  documentation.

* Gun will no longer attempt to send empty data chunks. When
  using HTTP/1.1 chunked transfer-encoding this caused the
  request body to end, even when `nofin` was given.

* Gun now always retries connecting immediately when the
  connection goes down.

* The default port number for the HTTP and HTTPS schemes is
  no longer sent in the host header.

* An invalid stream reference was sent on failed Websocket
  upgrade responses. This has been corrected.

* HTTP/2 connection preface errors are now properly detected
  and propagated in the `gun_down` message to the connection
  owner as well as the exit reason of the Gun process.

* HTTP/2 connection preface errors now provide a different
  human readable error when the data received looks like an
  HTTP/1.x response.

* HTTP/2 connection errors were missing the human readable
  reason in the `gun_error` message. This has been corrected.

* Fix the host and :authority (pseudo-)headers when connecting
  to an IPv6 address given as a tuple. They were lacking the
  surrounding brackets.

* Fix a crash in gun:info/1 when the socket was closed before
  we call Transport:sockname/1.