FOSJsRoutingBundle

full changeset
https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/compare/2.2.0...2.2.1

See CHANGELOG.md for significant changes

Security- and bugfixes from master backported to 1.x

⚠️ Please use version 1.6.2

Hi!

Due to numerous contributions that have been merged over the last 2 years in the master branch, this very first, very unstable, release starts the release cycle of the upcoming 2.0 major version. Things changed a lot between the initial plan, and what has been actually done, but there are a few interesting changes though.

Note that branch 1.x has been merge in master, so everything that is part of 1.x is also part of 2.x.

• Added: TypeScript declaration file, for TypeScript users
• Added: Support for Symfony3, HHVM and PHP 7
• Added: Protection against rosetta flash attacks
• Added: Inject the locale parameter automatically
• Fixed: use ConfigCache::getPath() instead of __toString() method
• Added: allow to configure router service name (#141)
• Fixed: documentation
• Fixed: serialization of RouteCollection and RoutesResponse
• Fixed: debug command '(#109)

Aloha, and sorry for the too long delay... This release provides support for Symfony 3.0+ (older Symfony versions should still work though). Cheers!

Changelog

• Fixed: deprecation notice at routing.xml
• Fixed: ConfigCache::__toString() is deprecated in favor of getPath() as of Symfony 2.7
• Added: enable Symfony 3 support

• Fixed the compatibility with the router:debug command of Symfony 2.6+ by resetting the aliases properly when extending the class to avoid replacing the core command
• Switched the autoloading to PSR-4
• Marked HHVM as officially supported

• Fixed the debug command to be compatible with FrameworkBundle 2.4+

This bugfix release fixes a bug introduced in release 1.5.1.

• Only the routes are cached now, everything else is included dynamically
• Deserialize routes when we actually load the serialized ones (and not previously already have the original array)

• Documentation has been rewritten
• Updated composer configuration, changing minimum-stability from dev to stable

Use JsonCallbackValidator library.

Prevent XSS attack through the JSONP callback. A CallbackValidator now validates the callback value. If it is not valid, a HttpException is thrown (status code = 400).

For more information, read: Do I need to sanitize the callback parameter from a JSONP call?

• Add ability to set Cache-Control headers. Now, you can enable HTTP caching as below:

# app/config/config.yml
fos_js_routing:
    cache_control:
        # All are optional, defaults shown
        public: false   # can be true (public) or false (private)
        maxage: null    # integer value, e.g. 300
        smaxage: null   # integer value, e.g. 300
        expires: null   # anything that can be fed to "new \DateTime($expires)", e.g. "5 minutes"
        vary: []        # string or array, e.g. "Cookie" or [ Cookie, Accept ]

Thanks to @cmenning!