Skip to content

v0.11.3

Compare
Choose a tag to compare
@benjih benjih released this 10 May 13:48
· 1051 commits to master since this release

Previous version binary size increase

As a result of updating the Hoverfly UI for v0.11.2, the Hoverfly binary increased in size. This has been fixed and the Hoverfly is now back to its original file size.

hoverctl config subcommands

To make hoverctl easier to use, we have extended the config command with four new subcommands. It is now possible to retrieve either the host, admin port, proxy port or the auth token.

hoverctl config host
hoverctl config admin-port
hoverctl config proxy-port
hoverctl config auth-token

These commands can be used to get information about specific targets. For example:

hoverctl -t target-name config host

More information on hoverctl commands

Remote Hoverfly instances and X-HOVERFLY-AUTHORIZATION

When connecting to Hoverfly, regardless if you are proxying HTTP or HTTPS requests, you still need to make an HTTP request to Hoverfly. This can be a security problem when running Hoverfly in non-local environments with authentication enabled. You may be exposing your authorization credentials or your authorization token.

To solve this problem, when starting a Hoverfly instance on a remote host, we recommend using the new -proxy-auth Hoverfly flag with the value header-auth.

This flag will disable the default security mechanisms for the proxy. Instead, Hoverfly will expect a custom security header X-HOVERFLY-AUTHORIZATION. The reason for this that depending on your HTTP client, the default Proxy-Authorization header may be included in the insecure initial request. Using a custom header will make sure the authorization token is not included in that first request.

hoverfly -auth -username bench -password password123 -proxy-auth=header-auth

Setting -proxy-auth=header-auth will enable https-only by default