Changes for version 0.001019 - 2026-02-19
- New Features
- Router: rewrite _compile_path() as tokenizer with proper regex escaping, so literal path segments containing regex metacharacters (e.g., /foo.bar) are matched literally instead of as patterns
- Router: inline constraint syntax {name:pattern} for path parameters (e.g., /user/{id:\d+}) validated during dispatch
- Router: chainable constraints() method for applying regex constraints to named path parameters after route definition
- Router: any() multi-method matcher supporting wildcard ('*') and explicit method lists (e.g., any [qw(GET POST)] => '/path' => $handler)
- Router: named routes and uri_for() now support {name:pattern} syntax and any() routes
- Router: group() for organizing routes under a common prefix, with three forms: callback (sub), router-object, and string (auto-require). Supports middleware, nesting, named route namespacing via as(), and conflict detection
- Router: mount() now accepts a string class name with auto-require and to_app dispatch
- SSE over HTTP/2 with streaming DATA frames, keepalive comments, and disconnect handling
- Add PAGI::Utils::Random module for cryptographically secure random bytes
- Rate limiter: periodic cleanup and safety valve for expired buckets
- CORS middleware: warn when configured with wildcard origins and credentials
- Security Fixes
- Fix XSS in Debug middleware panel by escaping scope values in HTML output
- Add max_chunk_size limit (default 1MB) to HTTP/1.1 chunked transfer parser to prevent denial-of-service via unbounded chunk sizes
- Use cryptographically secure random bytes (via /dev/urandom with Crypt::URandom fallback) in RequestId, CSRF, and Session middleware instead of rand()
- Default session cookie SameSite=Lax to prevent CSRF via cross-site requests
- Fix double URL-decoding in Static middleware that could allow path traversal
- Bug Fixes
- Fix HTTP/2 path decoding to match HTTP/1.1 decoding pipeline
- Fix HTTP/2 WebSocket path decoding to match HTTP/1.1 pipeline
- Require Net::HTTP2::nghttp2 0.007+ for HTTP/2 support (was unversioned)
- Improvements
- Extract _format_sse_event() and _format_sse_comment() helpers and protocol-abstracted keepalive writer for consistent SSE formatting across HTTP/1.1 and HTTP/2
Documentation
PAGI application server
Recipes for Common PAGI Tasks
HTTP/1.1, HTTP/2, WebSocket, and Security Compliance Documentation
PAGI Specification Documentation
PAGI Specification Documentation
PAGI Specification Documentation
PAGI Specification Documentation
A comprehensive guide to building async web applications with PAGI
Modules
Perl Asynchronous Gateway Interface
Try apps in sequence until success
Serve files with directory listing
Serve static files
Health check endpoint app
Load PAGI app from file
Customizable 404 response
HTTP reverse proxy (DEMO ONLY - NOT FOR PRODUCTION)
URL redirect app
Unified routing for HTTP, WebSocket, and SSE
Pub/sub Server-Sent Events
Rate-limited request processing
Mount apps at URL path prefixes
Pub/sub WebSocket broadcast
Multi-room chat application
Echo WebSocket messages back to sender
Execute CGI scripts as PAGI apps
PSGI-to-PAGI adapter
Class-based HTTP endpoint handler
Class-based router with wrapped handlers
Class-based Server-Sent Events endpoint handler
Class-based WebSocket endpoint handler
Wrap a PAGI app with lifecycle management
Base class for PAGI middleware
Request logging middleware
HTTP Basic Authentication middleware
Bearer token authentication middleware
DSL for composing PAGI middleware
Cross-Origin Resource Sharing middleware
Cross-Site Request Forgery protection middleware
Conditional GET/HEAD request handling
Auto Content-Length header middleware
HTTP content negotiation middleware
Cookie parsing middleware
Development debug panel middleware
ETag generation middleware
Exception handling middleware
Form request body parsing middleware
Response compression middleware
Force HTTPS redirect middleware
HEAD request handling middleware
Health check endpoint middleware
JSON request body parsing middleware
Validate PAGI application compliance
Serve maintenance page when enabled
Override HTTP method from request data
Request rate limiting middleware
Unique request ID middleware
Handle X-Forwarded-* headers from reverse proxies
URL rewriting middleware
Request timing middleware
Add retry hints to SSE events
Security headers middleware
Session management middleware
Static file serving middleware
Host header validation middleware
WebSocket per-message compression
Rate limiting for WebSocket connections
Delegate file serving to reverse proxy
Convenience wrapper for PAGI request scope
Streaming body consumption for PAGI requests
Async multipart/form-data parser
Content negotiation utilities for PAGI
Uploaded file representation
Fluent response builder for PAGI applications
PAGI application loader and server runner
Convenience wrapper for PAGI Server-Sent Events connections
PAGI Reference Server Implementation
Non-blocking file I/O for PAGI::Server internals
Per-connection state machine
Connection state tracking for HTTP requests
Dev-mode event field validation
HTTP/1.1 protocol handler
HTTP/2 protocol handler using nghttp2
Test client for PAGI applications
HTTP response wrapper for testing
Server-Sent Events connection for testing PAGI applications
WebSocket connection for testing PAGI applications
Shared utility helpers for PAGI
Cryptographically secure random bytes
Convenience wrapper for PAGI WebSocket connections
Provides
in lib/PAGI/App/WrapPSGI.pm
in lib/PAGI/Endpoint/Router.pm
in lib/PAGI/Middleware/Cookie.pm
in lib/PAGI/Response.pm
in lib/PAGI/Server/Protocol/HTTP2.pm
Examples
- examples/01-hello-http/README.md
- examples/01-hello-http/app.pl
- examples/02-streaming-response/README.md
- examples/02-streaming-response/app.pl
- examples/03-request-body/README.md
- examples/03-request-body/app.pl
- examples/04-websocket-echo/README.md
- examples/04-websocket-echo/app.pl
- examples/05-sse-broadcaster/README.md
- examples/05-sse-broadcaster/app.pl
- examples/06-lifespan-state/README.md
- examples/06-lifespan-state/app.pl
- examples/07-extension-fullflush/README.md
- examples/07-extension-fullflush/app.pl
- examples/08-tls-introspection/README.md
- examples/08-tls-introspection/app.pl
- examples/09-psgi-bridge/README.md
- examples/09-psgi-bridge/app.pl
- examples/10-chat-showcase/README.md
- examples/10-chat-showcase/app.pl
- examples/10-chat-showcase/lib/ChatApp/HTTP.pm
- examples/10-chat-showcase/lib/ChatApp/SSE.pm
- examples/10-chat-showcase/lib/ChatApp/State.pm
- examples/10-chat-showcase/lib/ChatApp/WebSocket.pm
- examples/10-chat-showcase/public/css/style.css
- examples/10-chat-showcase/public/index.html
- examples/10-chat-showcase/public/js/app.js
- examples/11-job-runner/README.md
- examples/11-job-runner/app.pl
- examples/11-job-runner/lib/JobRunner/HTTP.pm
- examples/11-job-runner/lib/JobRunner/Jobs.pm
- examples/11-job-runner/lib/JobRunner/Queue.pm
- examples/11-job-runner/lib/JobRunner/SSE.pm
- examples/11-job-runner/lib/JobRunner/WebSocket.pm
- examples/11-job-runner/lib/JobRunner/Worker.pm
- examples/11-job-runner/public/css/style.css
- examples/11-job-runner/public/index.html
- examples/11-job-runner/public/js/app.js
- examples/12-utf8/README.md
- examples/12-utf8/app.pl
- examples/13-contact-form/README.md
- examples/13-contact-form/app.pl
- examples/13-contact-form/public/index.html
- examples/14-lifespan-utils/README.md
- examples/14-lifespan-utils/app.pl
- examples/README.md
- examples/app-01-file/README.md
- examples/app-01-file/app.pl
- examples/app-01-file/static/data.json
- examples/app-01-file/static/index.html
- examples/app-01-file/static/style.css
- examples/app-01-file/static/subdir/nested.txt
- examples/app-01-file/static/test.txt
- examples/background-tasks/README.md
- examples/background-tasks/app.pl
- examples/backpressure-test/README.md
- examples/backpressure-test/app.pl
- examples/endpoint-demo/README.md
- examples/endpoint-demo/app.pl
- examples/endpoint-demo/public/index.html
- examples/endpoint-router-demo/README.md
- examples/endpoint-router-demo/app.pl
- examples/endpoint-router-demo/lib/MyApp/API.pm
- examples/endpoint-router-demo/lib/MyApp/Main.pm
- examples/endpoint-router-demo/public/index.html
- examples/full-demo/README.md
- examples/full-demo/app.pl
- examples/sse-dashboard/README.md
- examples/sse-dashboard/app.pl
- examples/sse-dashboard/public/index.html
- examples/test-lifespan-shutdown/README.md
- examples/test-lifespan-shutdown/app.pl
- examples/websocket-chat-v2/README.md
- examples/websocket-chat-v2/app.pl
- examples/websocket-chat-v2/lib/ChatApp/HTTP.pm
- examples/websocket-chat-v2/lib/ChatApp/SSE.pm
- examples/websocket-chat-v2/lib/ChatApp/State.pm
- examples/websocket-chat-v2/lib/ChatApp/WebSocket.pm
- examples/websocket-echo-v2/README.md
- examples/websocket-echo-v2/app.pl
- examples/worker-pool-prototype.pl