This project uses Break Versioning as of Aug 16, 2014.
[com.taoensso/sente "1.17.0"]
This is a non-breaking maintenance and feature release.
See here for recommended steps when updating any Clojure/Script dependencies.
Identical to `v1.17.0-RC2`.
- Updated dependencies
- [#398] Enable binary support for custom un/packers (@rosejn, @ptaoussanis)
- [#351 #393][New] Allow CSRF-token to be a function (@eneroth, @ptaoussanis)
- [#390] [Aleph adapter] Add support for websocket-connection options (@KaliszAd)
- [#396][Readme] Add link to Reitit+JS example (@dharrigan)
- [#395][Readme] Add link to new SPA example (@FiV0)
- [#403][Fix] Start ws-kalive loop only after conn is established (@Snurppa)
[com.taoensso/sente "1.17.0-RC2"]
This is a non-breaking maintenance and feature release.
See here for recommended steps when updating any Clojure/Script dependencies.
- Updated dependencies
- [#398] Enable binary support for custom un/packers (@rosejn, @ptaoussanis)
- [#351 #393][New] Allow CSRF-token to be a function (@eneroth, @ptaoussanis)
- [#390] [Aleph adapter] Add support for websocket-connection options (@KaliszAd)
- [#396][Readme] Add link to Reitit+JS example (@dharrigan)
- [#395][Readme] Add link to new SPA example (@FiV0)
- [#403][Fix] Start ws-kalive loop only after conn is established (@Snurppa)
[com.taoensso/sente "1.16.2"]
This is a non-breaking minor maintenance release.
See here for recommended steps when updating any Clojure/Script dependencies.
- Add public `ring-allow-origin?` util fn
- Updated dependencies (non-breaking)
[com.taoensso/sente "1.16.1"]
This is a minor maintenance release.
See here for recommended steps when updating any Clojure/Script dependencies.
- [#385] Fix: pass ring-req to authorized?-fn (@viesti)
- chsk server: add `:?unauthorized-fn` option
[com.taoensso/sente "1.16.0"]
Major feature release. Should be non-breaking, but see here for recommended steps when updating any Clojure/Script dependencies.
Same as `v1.16.0-RC1`, `v1.16.0-alpha2`.
- [#371 #375] Add Jetty 9 server adapter (@wavejumper)
- [#372] Add `ring-undertow` server adapter (@nikolap)
- [#275 #374] Add Clj WebSocket client support (@kaosko)
- Add optional auth fn to `make-channel-socket-server!` (@kaosko @ptaoussanis)
- [#356] Expose `send-buffers_` as implementation detail (@kaosko)
- [#359 #360] Add :json-verbose format to Transit packer (@p-himik)
- [#362 #363] Allow additional keys in event-msg maps (@jjttjj)
- [#365] README: incl. example CSRF code (@mattford63)
- [#366 #353 #358] Make make-channel-socket-client! respect host option (@Rkiouak)
- Use new http-kit v2.4.0 server API internally to fix possible race conditions
- [#357 #247] Fix for React Native (@currentoor)
[com.taoensso/sente "1.16.0-RC1"]
Same as `v1.16.0-alpha2`.
See here for recommended steps when updating any Clojure/Script dependencies.
[com.taoensso/sente "1.16.0-alpha2"]
Major feature release. Should be non-breaking, but users of http-kit will need to update to >= http-kit v2.4.0.
- Run `lein deps :tree` (or equivalent) to check for possible dependency conflicts.
- Run `lein clean` (or equivalent) to ensure no stale build artifacts remain.
- Please test carefully before running in production!
Some info on how to resolve dependency conflicts here.
- [NB] http-kit users must now use >= http-kit v2.4.0.
- [#371 #375] Add Jetty 9 server adapter (@wavejumper).
- [#372] Add `ring-undertow` server adapter (@nikolap).
- [#275 #374] Add Clj WebSocket client support (@kaosko).
- Add optional auth fn to `make-channel-socket-server!` (@kaosko @ptaoussanis).
- [#356] Expose `send-buffers_` as implementation detail (@kaosko).
- [#359 #360] Add :json-verbose format to Transit packer (@p-himik).
- [#362 #363] Allow additional keys in event-msg maps (@jjttjj).
- [#365] README: incl. example CSRF code (@mattford63).
- [#366 #353 #358] Make make-channel-socket-client! respect host option (@Rkiouak).
- Use new http-kit v2.4.0 server API internally to fix possible race conditions.
- [#357 #247] Fix for React Native (@currentoor).
[com.taoensso/sente "1.15.0"]
Just updates some dependencies. Should be non-breaking.
- [#355] Fix: Bump encore dependency to fix deprecated `goog.structs/Map` issue.
[com.taoensso/sente "1.14.0"]
As `v1.14.0-RC2`, but also includes:
- [#307] New: Add server adapter for Macchiato Framework on Node.js (@theasp)
- [#137 #338] New: Add support for origin/referrer checking (@eerohele)
- [#349 #348] New: Add support for specifying chsk port when connecting from client (@pieterbreed)
- [#337] Fix: Incorrect value (only udt) swapped into conns_ (@osbert)
- [#341] Fix: Make cljsbuild output-to resources/public/main.js directly (@shaolang)
[com.taoensso/sente "1.14.0-RC2"]
This is a CRITICAL bugfix release, please upgrade ASAP
- [#137] SECURITY FIX, BREAKING: fix badly broken CSRF protection (@danielcompton, @awkay, @eerohele), more info below
My sincere apologies for this mistake. Please write if I can provide more details or any other assistance. Further testing/auditing/input very much welcome! - @ptaoussanis
- All previous versions of Sente (< v1.14.0) contain a critical security design bug identified and reported by @danielcompton, @awkay, @eerohele. (Thank you to them for the report!).
- Bug: Previous versions of Sente were leaking the server-side CSRF token to the client during the (unauthenticated) WebSocket handshake process.
- Impact: An attacker could initiate a WebSocket handshake against the Sente server to discover a logged-in user's CSRF token. With the token, the attacker could then issue cross-site requests against Sente's endpoints. Worse, since Sente often shares a CSRF token with the rest of the web server, it may be possible for an attacker to issue cross-site requests against the rest of the web server (not just Sente's endpoints).
- The fix commit stops the CSRF token leak, introducing a BREAKING API CHANGE (details below).
- Sente will now (by default) refuse to service any requests unless a CSRF token is detected (e.g. via `ring-anti-forgery`).
The client-side `make-channel-socket-client!` fn now takes an explicit `csrf-token` that you must provide. The value for the token can be manually extracted from the page HTML (example).
In most cases the change will involve three steps:
- You need to include the server's CSRF token somewhere in your page HTML: example.
- You need to extract the CSRF token from your page HTML: example.
- You'll then use the extracted CSRF token as an argument when calling `make-channel-socket-client!`: example.
The `:chsk/handshake` event now always has `nil` where it once provided the csrf-token provided by the server.
I.e. before: `[:chsk/handshake [<?uid> <csrf-token> <?handshake-data> <first-handshake?>]]`
after: `[:chsk/handshake [<?uid> nil <?handshake-data> <first-handshake?>]]`
Most users won't be affected by this change.
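The three migration steps above, sketched end to end as an added example (not code from the Sente project or its README). The namespaces, the use of Hiccup, the element id `sente-csrf-token` and the `/chsk` path are assumptions chosen for illustration.

```clojure
;;;; Server side (Clojure): step 1, put the token in the page HTML.
(ns example.server ; hypothetical namespace
  (:require
   [hiccup.core :as hiccup] ; assumption: pages are rendered with Hiccup
   [ring.middleware.anti-forgery :as anti-forgery]))

(defn landing-pg-handler
  "Assumes the route is wrapped in anti-forgery/wrap-anti-forgery, which
  binds *anti-forgery-token* for the current request."
  [ring-req]
  (hiccup/html
   ;; `force` returns the token whether it is bound as a delay or as a
   ;; plain string.
   (let [csrf-token (force anti-forgery/*anti-forgery-token*)]
     [:div#sente-csrf-token {:data-csrf-token csrf-token}])
   [:div#app]))

;;;; Client side (ClojureScript): steps 2 and 3.
(ns example.client ; hypothetical namespace
  (:require [taoensso.sente :as sente]))

(defn page-csrf-token
  "Step 2: read the token back out of the page HTML.
  Returns nil when the element is missing."
  []
  (when-let [el (.getElementById js/document "sente-csrf-token")]
    (.getAttribute el "data-csrf-token")))

(defn connect!
  "Step 3: pass the token explicitly as the second argument.
  Returns the channel-socket map, or nil when the page carried no token."
  []
  (if-let [token (page-csrf-token)]
    (sente/make-channel-socket-client! "/chsk" token {:type :auto})
    (do (.error js/console "No CSRF token in page HTML; not connecting")
        nil)))

(defn handshake-uid
  "Destructures a [:chsk/handshake [...]] event. After this release the
  second element is always nil, so client code must not read a token
  from it."
  [[_ev-id [?uid _csrf-always-nil _?handshake-data _first-handshake?]]]
  ?uid)
```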
[com.taoensso/sente "1.13.1"]
This is a hotfix release, should be non-breaking
- [#327 #326] Fix broken ws->ajax downgrade logic (@michaelcameron)
[com.taoensso/sente "1.13.0"]
This is a maintenance release, should be non-breaking in most cases
- Updated all dependencies
[com.taoensso/sente "1.12.1"]
This is a non-breaking maintenance release
- [#323] Fix: Work correctly with new versions of `ring-anti-forgery` (@timothypratley)
[com.taoensso/sente "1.12.0"]
This is a non-breaking bugfix release which updates some dependencies
- [#315 #314 #311] Fix: Updated dependencies (@theasp)
[com.taoensso/sente "1.11.0"]
This is a non-breaking feature release
- [#255] New: Client chsk state: now include cause of chsk disconnections
- [#263] New: Client chsk state: add :udt-next-reconnect key (@danielcompton)
- [#259] New: Allow clients to detect sudden abnormal disconnects (e.g. airplane mode)
- [#265] New: Add :simple-auto-threading? option to routers
- [#257] New: Add disconnect and reconnect buttons to ref example (@danielcompton)
- [#270] Impl: Better Ajax broadcast reliability on very poor connections
- [#254] Fix: Make sure pending retries are subject to normal cancellation
[com.taoensso/sente "1.10.0"]
This is a minor, non-breaking release focused on moving from .cljx -> .cljc
- [#242] Impl: Switch from .cljx to .cljc (@danielcompton)
- [#243] Impl: Add support for nodejs clients (@DaveWM)
- [#246] New: Add :protocol parameter to make-channel-socket-client! (@tiensonqin)
- [#247] New: `SENTE_ELIDE_JS_REQUIRE` environment var for use with React Native
[com.taoensso/sente "1.9.0"]
This is a particularly substantial release focused on design refactoring, and a number of new features.
- BREAKING: Client-side event changed: `[:chsk/state <new-state-map>]` -> `[:chsk/state [<old-state-map> <new-state-map>]]`
- BREAKING: `:ws-kalive-ms`, `:lp-timeout-ms` opts moved from client-side to server-side `make-channel-socket!` fn
- BREAKING: Drop experimental (and rarely used) flexi packer
- New: Add Aleph server adapter (@sorenmacbeth) [#236]
- New: Client-side `:chsk/state` events may now contain `:last-ws-error`, `:last-ws-close` keys [#214]
- New: Add support for more flexible conn-type upgrade/downgrade [#201]
- New: Add new goodies to reference example
- Impl: Allow server to garbage collect long-polling conns [#150 #159]
- Impl: Server-side ping to help gc non-terminating WebSocket conns [#230]
- Impl: Servers now drive WebSocket identification (more robust, flexible)
- Impl: Clojure-side Transit performance optimizations [#161]
- Fix: Fixed faulty Nodejs Ajax adapter behaviour
- Fix: Fix for spurious Firefox unload->onclose calls [#224]
- Fix: Clear the keep alive timer in `chsk-disconnect!` [#221 @theasp]
[com.taoensso/sente "1.8.1"]
- Hotfix: add missing `event?` alias
This is a major non-breaking feature release, enjoy! :-)
- Change: `chsk-reconnect!` calls now always attempt reconnection immediately [#167]
- Change: Ref example has been refactored, simplified
- Change: Ref example has been split into client+server namespaces [#192 @theasp]
- New: Added server adapters for Node.js (generic, Express, Dog Fort) [#194 @theasp @whamtet]
- New: Added official `ajax-lite` alias (Sente Ajax req util)
- New: Added "carpet" example [#187 @ebellani]
- New: CSRF token header is now compatible with ring.middleware defaults [#198 @theasp]
- Impl.: Decoupled notion that clj<=>server, cljs<=>client [thanks to @theasp for assistance]
- Impl.: Refactor web-server adapter interfaces
[com.taoensso/sente "1.8.0"]
As v1.7.0-RC1 with some updated dependencies, improved reference example
[com.taoensso/sente "1.7.0"]
This is a significant non-breaking feature release. Includes an important fix for Immutant users.
- New: add `nginx-clojure` server adapter [#160 @xfeep]
- New: add `:error-handler` option to standard chsk routers
- New: `make-channel-socket!` now accepts an optional :params map [#158 #135 @danielcompton]
- New: include `:client-id` with Ajax long-polling requests [#155 @akhudek]
- New: `cb-error?` convenience fn = `(complement cb-success?)`
- Fix: Immutant v2.1.0+ adapter now supports timeouts to prevent lp socket leaks [#150 @tobias]
[com.taoensso/sente "1.7.0-RC1"]
This is a significant maintenance+feature release which MAY BE BREAKING due to a mandatory dependency bump to Timbre v4 (see note 1 for details).
- BREAKING: switch to Timbre v4 for cross-platform logging [note 1]
- DEPRECATED: `chsk-url-fn`, make cross-domain chsks easier to configure [#50 #136]
- Implementation: refactor default chsk-router
- New: add :uid to ev-msg's handled by Sente server [@danielcompton #147]
- New: add support for Transit packer opts [@estsauver #145]
- New: add option to leave :chsk/recv events unwrapped [#151]
- New: add client-side backoff opts [#125]
- Fix: switch to encore edn reader/writer (fix issue with printing large data structures under REPL)
- Ref example: add run command [@estsauver #144]
[com.taoensso/sente "1.6.0"]
[1] Please see https://github.com/ptaoussanis/timbre/releases/tag/v4.0.0 for Timbre v4's migration checklist. Sorry for the hassle! This one-off change allows Sente to inherit all of Timbre's logging goodness (full logging config, ns filtering, production logging call elision, etc.). Migration usu. consists of a 1 or 2 line change if you're not using custom Timbre appenders.
This is a non-breaking maintenance release
- New: support Ajax CORS via new `:with-credentials?` opt [#130 @bplatz]
- Fix: bad missing-middleware error logging call format
- Implementation: update dependencies
[com.taoensso/sente "1.5.0"]
Trivial, non-breaking release that adds a pair of optional web-adapter aliases to help make examples a little simpler.
[com.taoensso/sente "1.4.1"]
This is a major BREAKING release. Biggest change is added support for web servers besides http-kit (only Immutant for now). A big thanks to @tobias for his assistance with the Immutant support.
- BREAK: added support for web servers besides http-kit (see migration instructions) [@tobias #2]
- BREAK: removed support for `nil` user-id broadcasts (previously deprecated in v1.3.0) [#85] [1]
- Fix: temporary workaround for core.async router error-catching issues [@shaharz #97]
- New: throw clear compile-time exception on encore dependency issues
- New: enable clients to distinguish between auto/manual reconnects [@sritchie #105] [2]
- New: allow arbitrary user-provided handshake data with :chsk/handshake events [@whodidthis #110 #111] [3]
- Ref example: some clarifications re: how to authenticate users
[com.taoensso/sente "1.4.0"]
[1]: Server-side `(chsk-send! <user-id> <event>)` calls used to broadcast to all nil-uid users when `<user-id>` was `nil`. Now you must use the special `:sente/all-users-without-uid` keyword for these cases. The new behaviour helps prevent unintentional broadcasting.
[2]: `:chsk/state` event data now contains `:requested-reconnect?` val.
[3]: Server-side `make-channel-socket!` fn now takes an optional `:handshake-data-fn (fn [ring-req])` opt and client-side's `ch-recv` now receives `[:chsk/handshake [<?uid> <?csrf-token> <?handshake-data>]]` events.
- Http-kit is no longer an automatic Sente dependency. To continue using http-kit, add `[http-kit "2.1.19"]` to your `project.clj` `:dependencies`.
- Your Clojure-side `make-channel-socket!` call must now take a web server adapter as first argument. To continue using http-kit, add `[taoensso.sente.server-adapters.http-kit]` to your Clojure-side ns form's `:require` entries and pass `taoensso.sente.server-adapters.http-kit/http-kit-adapter` as the first arg to `make-channel-socket!`.
So:

```clojure
[http-kit "2.1.19"] ; <--- Add to project.clj :dependencies

(ns my-clj-ns
  (:require
   ;; Other stuff
   [taoensso.sente.server-adapters.http-kit] ; <--- Add this entry
   ))

;; (sente/make-channel-socket! <opts-map>) ; Old Clojure-side chsk constructor
(sente/make-channel-socket!
  taoensso.sente.server-adapters.http-kit/http-kit-adapter ; <--- Add this arg
  <opts-map>) ; NEW Clojure-side chsk constructor
```

This change is a once-off nuisance that'll allow us the freedom of supporting a wide range of web servers in the future. Interested in a web server besides http-kit or Immutant? Am now welcoming PRs to support additional web servers.
Finally, please see the updated reference example project for instructions on switching to an alternative web server like Immutant.
/ Peter Taoussanis
This is a non-breaking maintenance release focused on general housekeeping + on adding some user-id flexibility.
- DEPRECATED [#85]: Server->user broadcasts should now use `:sente/all-users-without-uid` instead of `nil` uid when intending to broadcast to users without a user id. The new behaviour is less accident prone.
- CHANGE [#84, #95]: Improve error reporting in the case of missing Ring middleware.
- FIX [#94]: ClojureScript dependency is now `:provided` to keep it from being unnecessarily pulled into JARs, etc (@zentrope).
- NEW [#82]: Server-side `:user-id-fn`'s Ring request now includes a `:client-id` arg provided by clients.
- Various doc+example improvements.
This is a maintenance release that is non-breaking UNLESS:
- You are not using the default server-side chsk router.
- You are relying on `(?reply-fn <args>)` to log a warning rather than throw an NPE for nil `?reply-fn`s.
- FIX: Broken chsk router shutdown due to http://goo.gl/be8CGP.
- BREAKING [#77]: No longer substitute a dummy (logging) `?reply-fn` for non-callback events.
- FIX: taoensso/timbre#79 (unnecessary deps being pulled in).
- NEW: Added client-side `ajax-call` utility.
- NEW: Added keys to `event-msg`s: `:id` (event-id), `:?data` (event-?data).
This is a MAJOR release with a bunch of improvements, most notably efficiency improvements. It is BREAKING if-and-only-if you read from the client-side :ch-recv channel directly.
- NEW: Added `chsk-destroy!` client-side API fn.
- NEW [#60]: Several transfer format efficiency improvements (faster, less bandwidth use).
- NEW [#12], [#59], [#66], [#67]: Added `:packer` option to client+server-side `make-channel-socket!` fns. This can be used to plug in an arbitrary de/serialization format. The default continues to be edn (which gives the best common-case performance and doesn't require any extra dependencies). An experimental Transit-based packer is included which allows manual + smart (automatic) per-payload format selection. See the updated reference example for details. Big thanks to @ckarlsen for getting the work started on this!
- DEPRECATED: `start-chsk-router-loop!` -> `start-chsk-router!` (both client + server-side). There's a new event-handler format that's consistent between the client + server, and that makes componentizing Sente considerably easier. See the updated reference example for details. Big thanks to @hugoduncan for his work & input on this!
- CHANGE: Client-side router now traps+logs errors like the server-side router.
- CHANGE: General code improvements/refactoring, stuff I'd been meaning to do forever and wanted to get in before a v1 release.
- CHANGE: Further improvements to the reference example to make it play better with LightTable.
- BREAKING: the client-side `:ch-recv` channel now receives `event-msg` (maps) rather than `event` (vectors). `(:event <event-msg>)` will return the `event-msg`'s `event`.
Hotfix focused on adjusting default options for Heroku users.
- FIX [#56]: Decrease default keep-alive values to work with Heroku's http-routing timeouts.
- Minor reference example improvements.
Minor, non-breaking update.
- CHANGE: Support for new (namespaced) Ring Anti-Forgery session key (@DomKM).
- CHANGE: `[chsk/uidport-close]` event now triggers only 5 seconds after a WebSocket channel is closed (same as Ajax channels). Helps prevent unnecessary noise during window refresh, etc.
- NEW [#50]: Added a `:chsk-url-fn` option to client-side `make-channel-socket!` fn for full URL control.
Minor, non-breaking update.
- FIX: Handshakes were interfering with singleton WebSocket callback replies.
Minor, non-breaking update.
- FIX: WebSocket reconnect exponential backoff wasn't being reset correctly.
- [#39] FIX: Race condition affecting buffered `server>user` events (@smichal).
- NEW: `[chsk/uidport-open]`, `[chsk/uidport-close]` server-side events generated on a uid connecting/disconnecting (any protocol). As before, you can watch the `connected-uids` atom for more detailed info.
This is a major release focused on simpler out-the-box setup + easier integration with a wide range of login/auth types.
- BREAKING: API fns removed: `chsk-type`, `chsk-open?`.
- BREAKING: The `[:chsk/state]` event form has changed for added flexibility.
- NEW: Added watchable, read-only `:state` atom to client-side `make-channel-socket!` fn result. Among other things, this atom contains any user-id provided by the server.
- NEW: It is now possible to push server>user async events to clients without a user-id by providing a `nil` user-id to the server-side `chsk-send!` fn (previously `nil` uids would throw an assertion error). In particular, this means it's now possible to broadcast to users that aren't logged in.
- NEW: Server-side `make-channel-socket!` fn has picked up a `:csrf-token-fn` option which defaults to compatibility with the Ring-Anti-Forgery middleware.
- NEW: Clients are now entirely self configuring. It's no longer necessary to transfer any state (like csrf-token or user-id) from the server; this'll be done automatically on channel socket handshake.
- NEW: Added a `chsk-reconnect!` API method that can be called to easily re-establish a channel socket connection after a login or auth change. An example login procedure has been added to the reference example project.
- CHANGE: The example project now randomly selects `:ajax` or `:auto` connection mode.
As always, feedback welcome on any changes here. Have fun, cheers! - Peter
- NEW: server- and client-side `start-chsk-router-loop!` fns now return a `(fn stop! [])`.
- [#37] FIX broken `[:chsk/close]` typo for Ajax connections (@sritchie).
- CHANGE: Removed vestigial server-side events: `[:chsk/uidport-open _]`, `[:chsk/uidport-close _]`.
- CHANGE: Significantly improved Ajax broadcast performance by internally making use of `connected-uids` data.
- NEW: `[:chsk/close]` event can now be sent to clients to disconnect them (this feature was previously experimental + undocumented).
- FIX: `connected-uids` was incorrectly marking multi-client users as disconnected when any one of their clients disconnected.
- [#27] FIX broken :advanced mode compilation (@ostronom).
- BREAKING CHANGE: ClojureScript (client-side) `make-channel-socket!` fn signature has changed:

```clojure
;; OLD (note two opts maps):
(make-channel-socket! {:csrf-token "foo" :has-uid? true} {:type :auto}) ; Old
;; NEW (note single opts map):
(make-channel-socket! {:csrf-token "foo" :has-uid? true :type :auto}) ; New
```

- [#22] NEW: Server-side `make-channel-socket!` constructor now supports an optional `:user-id-fn` `(fn [ring-req]) -> user-id` setting (@sritchie).
- [#23] NEW: Server-side `make-channel-socket!` now returns a `:connected-uids` atom.
This is a non-breaking release focused on efficiency+reliability improvements for very high stress environments.
- Documentation improvements.
- CHANGE: server>user Ajax push is now more reliable against dodgy connections.
- NEW: server>user sends are now automatically+transparently batched for greater efficiency in very high throughput environments. The server-side `make-channel-socket!` has picked up some knobs for this, but the defaults are sensible.
- NEW: Copy improved error messages to server-side API.
- CHANGE: Provide entire, unfiltered Ring request map to server-side API.
- NEW: Improved error messages for malformed events.
- NEW: Initial public release.