v2.51.0

🚀 New

• Add support for parameters in content negotiation (#2678) RFC
  https://docs.gofiber.io/api/ctx#accepts

// Consideration of parameters in the accepted headers
// Accept: text/plain, application/json; version=1; foo=bar

app.Get("/", func(c *fiber.Ctx) error {
  // Extra parameters in the accept are ignored
  c.Accepts("text/plain;format=flowed") // "text/plain;format=flowed"

  // An offer must contain all parameters present in the Accept type
  c.Accepts("application/json") // ""

  // Parameter order and capitalization does not matter. Quotes on values are stripped.
  c.Accepts(`application/json;foo="bar";VERSION=1`) // "application/json;foo="bar";VERSION=1"
})

• Add support for application/problem+json (#2704)
  https://docs.gofiber.io/api/ctx#json
  https://docs.gofiber.io/api/client#json

// Passing a custom json type
ctx.JSON(fiber.Map{
    "type": "https://example.com/probs/out-of-credit",
    "title": "You do not have enough credit.",
    "status": 403,
    "detail": "Your current balance is 30, but that costs 50.",
    "instance": "/account/12345/msgs/abc",
  }, fiber.)

🧹 Updates

• Ctx.Range: reduce allocations (#2705)
• Middleware/pprof: improve performance (#2709)

🛠️ Maintenance

• Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#2707)
• Bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2693)
• Bump actions/setup-node from 3 to 4 (#2690)
• Bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 (#2679)

🐛 Fixes

• Middleware/limiter: fix intermittent failures (#2716)
• Naming of routes works wrong after mount #2688 (#2689)
• Fix method validation on route naming (#2686)

📚 Documentation

• Changed "Twitter" to "X (Twitter)" in README.md Contribute Section (#2696)
• Add additional information as to why GetReqHeaders returns a map where the values are slices of strings (#2698)
• Enhance csrf.md (#2692)

Full Changelog: v2.50.0...v2.51.0

Thank you @BandhiyaHardik, @database64128, @efectn, @moritz157, @nickajacks1, @rhburt and @sixcolors for making this update possible.

v2.50.0

❗ Breaking Changes

• Change signatures of GetReqHeaders and GetRespHeaders (#2650)

To allow single and list values under headers according to the rfc standard

- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string

- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string

👮 Security

Middleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)

https://docs.gofiber.io/api/middleware/csrf

🚀 Improvements to the CSRF middleware:

• Added support for single-use tokens through the SingleUseToken configuration option.
• Optional integration with GoFiber session middleware through the Session and SessionKey configuration options.
• Introduction of origin checks for HTTPS connections to verify referer headers.
• Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without Session.
• Enhancement of error handling with more descriptive error messages.
• The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.

Thank you @sixcolors

🚀 New

• Cookie parser (#2656)
  https://docs.gofiber.io/api/ctx#cookieparser

// Field names should start with an uppercase letter
type Person struct {
    Name     string  `cookie:"name"`
    Age      int     `cookie:"age"`
    Job      bool    `cookie:"job"`
}
// Example route
app.Get("/", func(c *fiber.Ctx) error {
    p := new(Person)
    // This method is similar to BodyParser, but for cookie parameters
    if err := c.CookieParser(p); err != nil {
        return err
    }
    
    log.Println(p.Name)     // Joseph
    log.Println(p.Age)      // 23
    log.Println(p.Job)      // true
})

• Middleware/cors: Allow disabling caching in preflight requests (#2649)
  https://docs.gofiber.io/api/middleware/cors#config

// To disable caching completely, pass MaxAge value negative. It will set the Access-Control-Max-Age header 0.
app.Use(cors.New(cors.Config{MaxAge: -1})) 

• Middleware/session: Add Reset method to Session struct in session middleware (#2654)
  https://docs.gofiber.io/api/middleware/session#signatures

// Provide more flexibility in session management, especially in scenarios like repeated user logins
func (s *Session) Reset() error

Example usage:

// Initialize default config
// This stores all of your app's sessions
store := session.New()

app.Post("/login", func(c *fiber.Ctx) error {
    // Get session from storage
    sess, err := store.Get(c)
    if err != nil {
        panic(err)
    }
    
    // ... validate login ...
    
    // Check if the session is fresh
    if !sess.Fresh() {
        // If the session is not fresh, reset it
        if err := sess.Reset(); err != nil {
            panic(err)
        }
    }
    // Set new session data
    sess.Set("user_id", user.ID)
    // Save session
    if err := sess.Save(); err != nil {
        panic(err)
    }

    return c.SendString(fmt.Sprintf("Welcome %v", user.ID))
})

• Middleware/session: Add Delete method to Store struct in session middleware (#2655)
  https://docs.gofiber.io/api/middleware/session#signatures

// Provide more control over individual session management, especially in scenarios 
// like administrator-enforced user logout or user-initiated logout from a specific device session
func (s *Store) Delete(id string) error

Example usage:

app.Post("/admin/session/:id/logout", func(c *fiber.Ctx) error {
    // Get session id from request
    sessionID := c.Params("id")

    // Delete the session
    if err := store.Delete(sessionID); err != nil {
        return c.Status(500).SendString(err.Error())
    }

    return c.SendString("Logout successful")
})

🧹 Updates

• Middleware/filesystem: Improve status for SendFile (#2664)
• Middleware/filesystem: Set response code (#2632)
• Refactor Ctx.Method func to improve code readability (#2647)

🛠️ Maintenance

• Fix loop variable captured by func literal (#2660)
• Run gofumpt and goimports (#2662)
• Use utils.AssertEqual instead of t.Fatal on some tests (#2653)
• Apply go fix ./... with latest version of go in repository (#2661)
• Bump github.com/valyala/fasthttp from 1.49.0 to 1.50.0 (#2634)
• Bump golang.org/x/sys from 0.12.0 to 0.13.0 (#2665)

🐛 Fixes

• Path checking on route naming (#2676)
• Incorrect log depth when use log.WithContext (#2666)
• Jsonp ignoring custom json encoder (#2658)
• PassLocalsToView when bind parameter is nil (#2651)
• Parse ips return invalid in abnormal case (#2642)
• Bug parse custom header (#2638)
• Middleware/adaptor: Reduce memory usage by replacing io.ReadAll() with io.Copy() (#2637)
• Middleware/idempotency: Nil pointer dereference issue on idempotency middleware (#2668)

📚 Documentation

• Incorrect status code source (#2667)
• Middleware/requestid: Typo in requestid.md (#2675)
• Middleware/cors: Update docs to better explain AllowOriginsFunc (#2652)

Full Changelog: v2.49.2...v2.50.0

Thank you @kaptinlin, @Skyenought, @cuipeiyu, @dairlair, @efectn, @gaby, @geerew, @huykn, @jimmyl02, @joey1123455, @joshlarsen, @jscappini, @peczenyj and @sixcolors for making this update possible.

v2.49.2

🧹 Updates

• Middleware/logger: Enabling color changes padding for some fields #2604 (#2616)
• Bump actions/checkout from 3 to 4 (#2618)
• Bump golang.org/x/sys from 0.11.0 to 0.12.0 (#2617)

🐛 Fixes

• Vulnerability in Ctx.IsFromLocal(GHSA-3q5p-3558-364f)

📚 Documentation

• Replaced double quotes with backticks in all route parameter strings (#2591)

Full Changelog: v2.49.1...v2.49.2

Thank you @11-aryan and @AKARSHITJOSHI for making this update possible.

v2.49.1

🧹 Updates

• Bump github.com/valyala/fasthttp from 1.48.0 to 1.49.0 (#2615)

🐛 Fixes

• Rollback changes to go.mod file (#2614)

📚 Documentation

• Add Polish translation - README_pl.md (#2613)
• Update README_ko.md (#2605)

Full Changelog: v2.49.0...v2.49.1

Thank you @KompocikDot, @LimJiAn and @gaby for making this update possible.

v2.49.0

❗ Breaking Changes

• Add config to enable splitting by comma in parsers (#2560)
  https://docs.gofiber.io/api/fiber#config

EnableSplittingOnParsers splits the query/body/header parameters by comma when it's true (default: false).

For example, you can use it to parse multiple values from a query parameter like this:
/api?foo=bar,baz == foo[]=bar&foo[]=baz

🚀 New

• Add custom data property to favicon middleware config (#2579)
  https://docs.gofiber.io/api/middleware/favicon#config

This allows the user to use //go:embed flags to load favicon data during build-time, and supply it to the middleware instead of reading the file every time the application starts.

🧹 Updates

• Middleware/logger: Latency match gin-gonic/gin formatter (#2569)
• Middleware/filesystem: Refactor: use errors.Is instead of os.IsNotExist (#2558)
• Use Global vars instead of local vars for isLocalHost (#2595)
• Remove redundant nil check (#2584)
• Bump github.com/mattn/go-runewidth from 0.0.14 to 0.0.15 (#2551)
• Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2592)
• Bump golang.org/x/sys from 0.10.0 to 0.11.0 (#2563)
• Add go 1.21 to ci and readmes (#2588)

🐛 Fixes

• Middleware/logger: Default latency output format (#2580)
• Decompress request body when multi Content-Encoding sent on request headers (#2555)

📚 Documentation

• Fix wrong JSON docs (#2554)
• Update io/ioutil package to io package (#2589)
• Replace EG flag with the proper and smaller SVG (#2585)
• Added Egyptian Arabic readme file (#2565)
• Translate README to Portuguese (#2567)
• Improve *fiber.Client section (#2553)
• Improved the config section of the middleware readme´s (#2552)
• Added documentation about ctx Fresh (#2549)
• Update intro.md (#2550)
• Fixed link to slim template engine (#2547)

Full Changelog: v2.48.0...v2.49.0

Thank you @Jictyvoo, @Juneezee, @Kirari04, @LimJiAn, @PassTheMayo, @andersonmiranda-com, @bigpreshy, @efectn, @renanbastos93, @scandar, @sixcolors and @stefanb for making this update possible.

v2.48.0

🚀 New

• Add ability to print custom message on startup (#2491)
  https://docs.gofiber.io/guide/hooks#onlisten

app := fiber.New(fiber.Config{
  DisableStartupMessage: true,
})

app.Hooks().OnListen(func(listenData fiber.ListenData) error {
  if fiber.IsChild() {
      return nil
  }
  scheme := "http"
  if data.TLS {
    scheme = "https"
  }
  log.Println(scheme + "://" + listenData.Host + ":" + listenData.Port)
  return nil
})

app.Listen(":5000")

• Add Logger interface and fiberlog (#2499)
  https://docs.gofiber.io/api/log

🧹 Updates

• Dictpool is not completely gone (#2540)
• Bump golang.org/x/sys from 0.9.0 to 0.10.0 (#2530)
• Bump github.com/valyala/fasthttp from 1.47.0 to 1.48.0 (#2511)

🐛 Fixes

• Middleware/logger: Default logger color behaviour (#2513)

📚 Documentation

• Fix link (#2542)
• Fix bad documentation on queries function (#2522)
• Fix validation-guide (#2517)
• Fix bad documentation on queries function (#2522)
• Add a warning on security implications when using X-Forwarded-For improperly (#2520)
• Fix typo (#2518)
• Typo in ctx.md (#2516)
• Fix comment in client.go (#2514)
• Fix docs api fiber custom config (#2510)

Full Changelog: v2.47.0...v2.48.0

Thank you @ForAeons, @RHeynsZa, @Saman-Safaei, @Skyenought, @Z3NTL3, @andre-dasilva, @cmd777, @dozheiny, @efectn, @f1rstmehul, @gaby, @itcuihao and @mo1ein for making this update possible.

v2.47.0

🚀 New

• Add queries function (#2475)
  https://docs.gofiber.io/api/ctx#queries

// GET /api/posts?filters.author.name=John&filters.category.name=Technology

app.Get("/", func(c *fiber.Ctx) error {
    m := c.Queries()
    m["filters.author.name"] // John
    m["filters.category.name"] // Technology
})

• Middleware/logger: Add DisableColors to set the default output format (#2493)
  https://docs.gofiber.io/api/middleware/logger#config

// Disable colors when outputting to default format
app.Use(logger.New(logger.Config{
    DisableColors: true,
}))

🧹 Updates

• Update getOffer to consider quality and specificity (#2486)
• Use c.app.getString instead of string(...) (#2489)
• Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 (#2474)
• Bump golang.org/x/sys from 0.8.0 to 0.9.0 (#2508)

🐛 Fixes

• Middleware/limiter: Fix Sliding Window limiter when SkipSuccessfulRequests/SkipFailedRequests is used. (#2484)
• Fix onListen hooks when they are used with prefork mode (#2504)
• Fix middleware naming and returned values of group methods (#2477)
• Treat case for possible timer memory leak (#2488)
• Reset terminal colors after print routes (#2481)

📚 Documentation

• Update version of html template (#2505)
• Translate README_fa.md (#2496)
• Correcting a syntax error in the README (#2473)

Full Changelog: v2.46.0...v2.47.0

Thank you @Kamandlou, @Satont, @Skyenought, @cmd777, @dozheiny, @efectn, @gaby, @kaazedev, @luk3skyw4lker, @obakumen, @sixcolors and @ytsruh for making this update possible.

v2.46.0

🚀 New

• Utils: add Go 1.20+ way of converting byte slice to string (#2468)
• Middleware/adaptor: allow to convert fiber.Ctx to (net/http).Request (#2461)

🧹 Updates

• Speedup and cleanup "path" testcases and benchmarks (#2465)
• Middleware/adaptor: allow to convert fiber.Ctx to (net/http).Request (#2461)
• Utils: add Go 1.20+ way of converting string to byte slice (#2462)
• Merge some external middlewares to core (#2453)
  https://docs.gofiber.io/category/-middleware

🐛 Fixes

• Fix mount route positioning (#2463)

📚 Documentation

• Update README_ru.md (#2456)

Full Changelog: v2.45.0...v2.46.0

Thank you @alekseikovrigin, @efectn and @leonklingele for making this update possible.

v2.45.0

🚀 New

• Add filesystem config contentTypeCharset support (#2438)
  https://docs.gofiber.io/api/middleware/filesystem#default-config

🧹 Updates

• Consistent way of logging and fix middleware log format (#2432, #2444)
• Improve error handling for net error(s) (#2421)
• Bump golang.org/x/sys from 0.7.0 to 0.8.0 (#2449)
• Bump github.com/valyala/fasthttp from 1.45.0 to 1.47.0 (#2426, #2445)

🐛 Fixes

• Middleware/cors: Changed condition for 'AllowOriginsFunc' (#2423)

📚 Documentation

• Correct errors in Italian translation (#2417)
• Correct grammar errors in Azerbaijani translation. (#2413)

Full Changelog: v2.44.0...v2.45.0

Thank you @Jamess-Lucass, @baichangda, @carmeloriolo, @kanansnote and @kousikmitra for making this update possible.

v2.44.0

🚀 New

• Added new 'AllowOriginsFunc' function. (#2394)
  https://docs.gofiber.io/api/middleware/cors#config

👮 Security hint

Note: Using this feature is discouraged in production and it's best practice to explicitly set CORS origins via AllowOrigins.

In this example any origin will be allowed via CORS.
For example, if a browser running on http://localhost:3000 sends a request, this will be accepted and the access-control-allow-origin response header will be set to http://localhost:3000.

app.Use(cors.New(cors.Config{
    AllowOriginsFunc: func(origin string) bool {
        return os.Getenv("ENVIRONMENT") == "development"
    },
}))

• Public ShutdownWithContext (#2407)
  https://docs.gofiber.io/api/app#server-shutdown

🧹 Updates

• Bump golang.org/x/sys from 0.6.0 to 0.7.0 (#2405)
• github/workflows: also run tests with Go 1.19.x (#2384)
• Bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 (#2381)

🐛 Fixes

• Middleware/logger: Fix #2396, data race logger middleware (#2397)
• Middleware/timeout: Add original timeout middleware (#2367)
  https://docs.gofiber.io/next/api/middleware/timeout
  ❗With version v2.38.1 we changed the behavior of the timeout function, this has now been undone and a function for use with context has been provided
• Mounted subapps don't work correctly if parent app attached (#2331)
• Change default value of Querybool from true to false. (#2391)
  ❗The fallback value for not found or not boolean values was adjusted to the golang standard
• Fix #2383, accepts mimeType (#2386)

📚 Documentation

• Added Azerbaijani README translation (#2411)
• Fix import and comma issues (#2410)
• Fix typos, and make middleware documentation more consistent (#2408)
• Added code link to fiber config fields (#2385)
• Adding to fac sub domain routing (#2393)

Full Changelog: v2.43.0...v2.44.0

Thank you @Jamess-Lucass, @ancogamer, @cmd777, @dozheiny, @eld4niz, @hakankutluay, @jcyamacho, @leonklingele and @shahriarsohan for making this update possible.