v4.6.0

Hono v4.6.0 is now available!

One of the highlights of this release is the Context Storage Middleware. Let's introduce it.

Context Storage Middleware

Many users may have been waiting for this feature. The Context Storage Middleware uses AsyncLocalStorage to allow handling of the current Context object even outside of handlers.

For example, let’s define a Hono app with a variable message: string.

type Env = {
  Variables: {
    message: string
  }
}

const app = new Hono<Env>()

To enable Context Storage Middleware, register contextStorage() as middleware at the top and set the message value.

import { contextStorage } from 'hono/context-storage'

//...

app.use(contextStorage())

app.use(async (c, next) => {
  c.set('message', 'Hello!')
  await next()
})

getContext() returns the current Context object, allowing you to get the value of the message variable outside the handler.

import { getContext } from 'hono/context-storage'

app.get('/', (c) => {
  return c.text(getMessage())
})

// Access the variable outside the handler.
const getMessage = () => {
  return getContext<Env>().var.message
}

In the case of Cloudflare Workers, you can also access the Bindings outside the handler by using this middleware.

type Env = {
  Bindings: {
    KV: KVNamespace
  }
}

const app = new Hono<Env>()

app.use(contextStorage())

const setKV = (value: string) => {
  return getContext<Env>().env.KV.put('key', value)
}

Thanks @marceloverdijk !

New features

• feat(secureHeader): add Permissions-Policy header to secure headers middleware #3314
• feat(cloudflare-pages): enable c.env.eventContext in handleMiddleware #3332
• feat(websocket): Add generics type to WSContext #3337
• feat(jsx-renderer): set Content-Encoding when stream is true #3355
• feat(serveStatic): add precompressed option #3366
• feat(helper/streaming): Support Promise<string> or (async) JSX.Element in streamSSE #3344
• feat(context): make fetch Response headers mutable #3318
• feat(serve-static): add onFound option #3396
• feat(basic-auth): added custom response message option #3371
• feat(bearer-auth): added custom response message options #3372

Other changes

• chore(jsx-renderer): fix typo in JSDoc by @taga3s in #3378
• chore(deno): use the latest jsr libraries for testing by @ryuapp in #3375
• fix(secure-headers): optimize getPermissionsPolicyDirectives function by @kbkn3 in #3398
• fix(bearer-auth): typo by @yusukebe in #3404

New Contributors

• @kbkn3 made their first contribution in #3314
• @hayatosc made their first contribution in #3337
• @inetol made their first contribution in #3366

Full Changelog: v4.5.11...v4.6.0

v4.5.11

What's Changed

• fix(jsx): race condition in ErrorBoundary with event loop by @usualoma in #3343
• perf(jsx): skip the special behavior when the element is in the head. by @usualoma in #3352
• refactor(utils/body): shorten the code by @yusukebe in #3353
• docs: Twitter to X by @yusukebe in #3354
• chore: fix typo in JSDoc by @taga3s in #3364
• refactor(utils/basic-auth): Moved Internal function to utils by @sugar-cat7 in #3359

New Contributors

• @taga3s made their first contribution in #3364
• @sugar-cat7 made their first contribution in #3359

Full Changelog: v4.5.10...v4.5.11

v4.5.10

What's Changed

• feat(compress): improve compress middleware by @nitedani in #3317
• feat(jsx): add popover api attributes by @ssssota in #3323
• feat(jsx): improve form attribute types by @ssssota in #3330
• chore(test): migrate to vitest v2 by @yasuaki640 in #3326
• chore(test): replace deprecated vitest type by @yasuaki640 in #3338
• fix(logger): removing spaces from logger by @marceloverdijk in #3334

New Contributors

• @nitedani made their first contribution in #3317
• @marceloverdijk made their first contribution in #3334

Full Changelog: v4.5.9...v4.5.10

v4.5.9

What's Changed

• test(types): broken test in future versions of typescript by @m-shaka in #3310
• fix(utils/color): Deno does not require permission for NO_COLOR by @ryuapp in #3306
• feat(jsx): improve type (MIME) attribute types by @ssssota in #3305
• feat(pretty-json): support custom query by @nakasyou in #3300

Full Changelog: v4.5.8...v4.5.9

v4.5.8

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: GHSA-rpfr-3m35-5vx5

v4.5.7

What's Changed

• fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @usualoma in #3294
• perf(jsx/dom): improve performance by @usualoma in #3288
• feat(jsx): improve a-tag types with well known values by @ssssota in #3287
• fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @uttk in #3297
• feat(jsx): improve target and formtarget attribute types by @ssssota in #3299
• docs(README): change Twitter to X by @nakasyou in #3301
• fix(client): replace optional params to url correctly by @yusukebe in #3304
• feat(jsx): improve input attribute types based on react by @ssssota in #3302

New Contributors

• @uttk made their first contribution in #3297

Full Changelog: v4.5.6...v4.5.7

v4.5.6

What's Changed

• fix(jsx): handle async component error explicitly and throw the error in the response by @usualoma in #3274
• fix(validator): support multipart headers without a separating space by @Ernxst in #3286
• fix(validator): Allow form data will mutliple values appended by @nicksrandall in #3273
• feat(jsx): improve meta-tag types with well known values by @ssssota in #3276

New Contributors

• @Ernxst made their first contribution in #3286
• @ssssota made their first contribution in #3276

Full Changelog: v4.5.5...v4.5.6

v4.5.5

What's Changed

• fix(jsx): allow null, undefined, and boolean to be returned from function component by @usualoma in #3241
• feat(context): Add types for c.header by @nakasyou in #3221
• fix(jsx): fix draggable type to accept boolean by @yasuaki640 in #3253
• feat(context): add Context-Type types to c.header by @nakasyou in #3255
• fix(serve-static): supports directory contains . and not end / by @yusukebe in #3256

Full Changelog: v4.5.4...v4.5.5

v4.5.4

What's Changed

• fix(jsx): corrects the type of 'draggable' attribute in intrinsic-elements.ts by @yasuaki640 in #3224
• feat(jsx): allow to merge CSSProperties declaration by @jonasnobile in #3228
• feat(client): Add WebSocket Provider Integration Tests and Enhance WebSocket Initialization by @naporin0624 in #3213
• fix(types): param in ValidationTargets supports optional param by @yusukebe in #3229

New Contributors

• @jonasnobile made their first contribution in #3228

Full Changelog: v4.5.3...v4.5.4

v4.5.3

What's Changed

• fix(validator): Add double quotation marks to multipart checker regex by @CPlusPatch in #3195
• fix(validator): support application/json with a charset as JSON by @yusukebe in #3199
• fix(jsx): fix handling of SVG elements in JSX. by @usualoma in #3204
• fix(jsx/dom): fix performance issue with adding many new node listings by @usualoma in #3205
• fix(service-worker): refer to self.fetch correctly by @yusukebe in #3200

New Contributors

• @CPlusPatch made their first contribution in #3195

Full Changelog: v4.5.2...v4.5.3