v0.11.3
Previous version binary size increase
As a result of updating the Hoverfly UI for v0.11.2, the Hoverfly binary increased in size. This has been fixed and Hoverfly is now back to its original file size.
hoverctl config subcommands
To make hoverctl easier to use, we have extended the config command with four new subcommands. It is now possible to retrieve either the host, admin port, proxy port or the auth token.
hoverctl config host
hoverctl config admin-port
hoverctl config proxy-port
hoverctl config auth-token
These commands can be used to get information about specific targets. For example:
hoverctl -t target-name config host
More information on hoverctl commands
Remote Hoverfly instances and X-HOVERFLY-AUTHORIZATION
When connecting to Hoverfly, regardless of whether you are proxying HTTP or HTTPS requests, you still need to make an HTTP request to Hoverfly. This can be a security problem when running Hoverfly in non-local environments with authentication enabled. You may be exposing your authorization credentials or your authorization token.
To solve this problem, when starting a Hoverfly instance on a remote host, we recommend using the new -proxy-auth Hoverfly flag with the value header-auth.
This flag will disable the default security mechanisms for the proxy. Instead, Hoverfly will expect a custom security header, X-HOVERFLY-AUTHORIZATION. The reason for this is that, depending on your HTTP client, the default Proxy-Authorization header may be included in the insecure initial request. Using a custom header will make sure the authorization token is not included in that first request.
hoverfly -auth -username bench -password password123 -proxy-auth=header-auth
Setting -proxy-auth=header-auth will enable https-only by default.
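The exposure described above, as an added example that is not part of the Hoverfly release notes or code base: a Go check that parses the first, unencrypted request a client sends to the proxy and reports any credential header it carries. The sample requests are constructed, example.org is a placeholder, and HTTP Basic is assumed as the scheme of the Proxy-Authorization value.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

var credentialHeaders = []string{"Proxy-Authorization", "X-HOVERFLY-AUTHORIZATION"} // headers named on this page

// Constructed samples; the Basic value is base64("bench:password123"), the credentials used on this page.
const (
	connectWithProxyAuth = "CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n" +
		"Proxy-Authorization: Basic YmVuY2g6cGFzc3dvcmQxMjM=\r\n\r\n"
	connectHeaderAuth = "CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n"
)

// ExposedOnProxyLeg parses a clear-text proxy request and returns one finding
// per credential header that an observer on the network path could read.
func ExposedOnProxyLeg(raw string) ([]string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return nil, fmt.Errorf("not a parseable HTTP request: %w", err)
	}
	var findings []string
	for _, name := range credentialHeaders {
		value := req.Header.Get(name) // lookup is case-insensitive
		if value == "" {
			continue
		}
		finding := req.Method + " carries " + name + " in clear text"
		parts := strings.SplitN(value, " ", 2)
		if len(parts) == 2 && strings.EqualFold(parts[0], "Basic") {
			if dec, err := base64.StdEncoding.DecodeString(strings.TrimSpace(parts[1])); err == nil {
				finding += "; Basic credentials recoverable for user " + strings.SplitN(string(dec), ":", 2)[0]
			}
		}
		findings = append(findings, finding)
	}
	return findings, nil
}

func main() {
	for _, raw := range []string{connectWithProxyAuth, connectHeaderAuth} {
		fmt.Println(ExposedOnProxyLeg(raw))
	}
}
```

The second sample is the CONNECT a client sends when its credential is not attached to the tunnel request, so it yields no findings.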