github apollographql/router v0.15.0
on GitHub

latest releases: v1.56.0-rc.0, v1.52.2-rc.0, v1.55.1-rc.1...
2 years ago

[0.15.0] - 2022-08-09

❗ BREAKING ❗

CORS: Deprecate newly-added allow_any_header option and return to previous behavior (PR https://github.com/apollographql/router/pull/1480)

We've re-considered and reverted changes we shipped in the last release with regards to how we handle the Access-Control-Request-Headers request header and its corresponding Access-Control-Allow-Headers response header. We've reverted to the previous releases' behavior, including the removal of the recently-added allow_any_header option.

The previous default behavior was to reflect the client's Access-Control-Request-Headers request header values back in the Access-Control-Allow-Headers response header. This previous behavior is in fact a common default behavior in other CORS libraries as well, including the cors Node.js package and we think it's worth keeping as it was previously, rather than requiring users to specify allow_any_header for the majority of use cases. We believe this to be a safe and secure default that is also more user-friendly.

It is not typically necessary to change this default behavior, but if you wish to allow a more specific set of headers, you can disable the default header reflection and specify a list of headers using the allow_headers option, which will allow only those headers in negotiating a response: 

server:
  cors:
    allow_any_origin: true
    # Including this `allow_headers` isn't typically necessary (can be removed) but
    # will *restrict* the permitted Access-Control-Allow-Headers response values.
    allow_headers:
      - Content-Type
      - Authorization
      - x-my-custom-header

By @o0Ignition0o in #1480

Reference-counting for the schema string given to plugins (PR https://github.com/apollographql/router/pull/1462)

The type of the supergraph_sdl field of the apollo_router::plugin::PluginInit struct
was changed from String to Arc<String>.
This reduces the number of copies of this string we keep in memory, as schemas can get large.

By @SimonSapin in #1462

🐛 Fixes

Update span attributes to be compliant with the opentelemetry for GraphQL specs (PR https://github.com/apollographql/router/pull/1449)

Change attribute name query to graphql.document and operation_name to graphql.operation.name in spans.

By @bnjjj in #1449

Configuration handling enhancements (PR https://github.com/apollographql/router/pull/1454)

Router config handling now:

  • Allows completely empty configuration without error.
  • Prevents unknown tags at the root of the configuration from being silently ignored.

By @BrynCooke in #1454

📚 Documentation

CORS: Fix trailing slashes, and display defaults (PR https://github.com/apollographql/router/pull/1471)

The CORS documentation now displays a valid origins configuration (without trailing slash!), and the full configuration section displays its default settings.

By @o0Ignition0o in #1471

Add helm OCI example (PR https://github.com/apollographql/router/pull/1457)

Update existing filesystem based example to illustrate how to do the same thing using our OCI stored helm chart.

By @garypen in #1457

Check out latest releases or
releases around apollographql/router v0.15.0

Don't miss a new router release

NewReleases is sending notifications on new releases.

Get notifications