Changes for version 0.001020 - 2026-03-16
- Security Hardening
- Reject requests with both Transfer-Encoding and Content-Length (RFC 9112)
- Validate Transfer-Encoding per RFC 9112 Section 6.1 (chunked must be final)
- Validate trailer headers for CRLF injection
- Validate SSE event/id/retry fields against newline injection
- Prevent code injection via loop_type parameter (block eval, not string eval)
- Fix TLS config to allow TLS 1.3 negotiation (SSL_version trailing colon)
- Session Middleware Refactor
- Pluggable State/Store architecture for PAGI::Middleware::Session
- State classes: Cookie (default), Header, Bearer, Callback
- Store classes: Memory (default, dev/test), with async Future-based interface
- PAGI::Session standalone helper with strict get() (dies on missing key)
- PAGI::Session accepts raw data, scope hashref, or object with ->scope
- Bulk operations: set(k1 => v1, k2 => v2), delete(@keys), slice(@keys), clear()
- Session destroy lifecycle: deletes from store, clears cookie via State::clear()
- Session regenerate lifecycle: generates new ID, deletes old, preserves data
- Idempotency: middleware skips if pagi.session already in scope
- Reserved keys (_destroyed, _regenerated) documented as middleware-consumed flags
- Store::Cookie extracted to separate CPAN dist (PAGI-Middleware-Session-Store-Cookie)
- Bug Fixes
- disable_tls skips TLS setup instead of dying
- Recompile access log formatter on configure() changes
- Weaken $self in _pause_accepting timer closure (reference cycle fix)
- Replace Future::IO->load_impl('IOAsync') with use Future::IO::Impl::IOAsync (fixes compatibility with Future::IO 0.22+)
- Cleanup
- Remove unused _log_connection_stats method
Documentation
PAGI application server
Recipes for Common PAGI Tasks
HTTP/1.1, HTTP/2, WebSocket, and Security Compliance Documentation
PAGI Specification Documentation
PAGI Specification Documentation
PAGI Specification Documentation
PAGI Specification Documentation
A comprehensive guide to building async web applications with PAGI
Modules
Perl Asynchronous Gateway Interface
Try apps in sequence until success
Serve files with directory listing
Serve static files
Health check endpoint app
Load PAGI app from file
Customizable 404 response
HTTP reverse proxy (DEMO ONLY - NOT FOR PRODUCTION)
URL redirect app
Unified routing for HTTP, WebSocket, and SSE
Pub/sub Server-Sent Events
Rate-limited request processing
Mount apps at URL path prefixes
Pub/sub WebSocket broadcast
Multi-room chat application
Echo WebSocket messages back to sender
Execute CGI scripts as PAGI apps
PSGI-to-PAGI adapter
Class-based HTTP endpoint handler
Class-based router with wrapped handlers
Class-based Server-Sent Events endpoint handler
Class-based WebSocket endpoint handler
Wrap a PAGI app with lifecycle management
Base class for PAGI middleware
Request logging middleware
HTTP Basic Authentication middleware
Bearer token authentication middleware
DSL for composing PAGI middleware
Cross-Origin Resource Sharing middleware
Cross-Site Request Forgery protection middleware
Conditional GET/HEAD request handling
Auto Content-Length header middleware
HTTP content negotiation middleware
Cookie parsing middleware
Development debug panel middleware
ETag generation middleware
Exception handling middleware
Form request body parsing middleware
Response compression middleware
Force HTTPS redirect middleware
HEAD request handling middleware
Health check endpoint middleware
JSON request body parsing middleware
Validate PAGI application compliance
Serve maintenance page when enabled
Override HTTP method from request data
Request rate limiting middleware
Unique request ID middleware
Handle X-Forwarded-* headers from reverse proxies
URL rewriting middleware
Request timing middleware
Add retry hints to SSE events
Security headers middleware
Session management middleware with pluggable State/Store
Base class for session state extraction
Bearer token session ID transport
Custom coderef-based session ID transport
Cookie-based session ID transport
Header-based session ID transport
Base class for async session storage
In-memory session store
Static file serving middleware
Host header validation middleware
WebSocket per-message compression
Rate limiting for WebSocket connections
Delegate file serving to reverse proxy
Convenience wrapper for PAGI request scope
Streaming body consumption for PAGI requests
Async multipart/form-data parser
Content negotiation utilities for PAGI
Uploaded file representation
Fluent response builder for PAGI applications
PAGI application loader and server runner
Convenience wrapper for PAGI Server-Sent Events connections
PAGI Reference Server Implementation
Non-blocking file I/O for PAGI::Server internals
Per-connection state machine
Connection state tracking for HTTP requests
Dev-mode event field validation
HTTP/1.1 protocol handler
HTTP/2 protocol handler using nghttp2
Standalone helper object for session data access
Test client for PAGI applications
HTTP response wrapper for testing
Server-Sent Events connection for testing PAGI applications
WebSocket connection for testing PAGI applications
Shared utility helpers for PAGI
Cryptographically secure random bytes
Convenience wrapper for PAGI WebSocket connections
Provides
in lib/PAGI/App/WrapPSGI.pm
in lib/PAGI/Endpoint/Router.pm
in lib/PAGI/Middleware/Cookie.pm
in lib/PAGI/Response.pm
in lib/PAGI/Server/Protocol/HTTP2.pm
Examples
- examples/01-hello-http/README.md
- examples/01-hello-http/app.pl
- examples/02-streaming-response/README.md
- examples/02-streaming-response/app.pl
- examples/03-request-body/README.md
- examples/03-request-body/app.pl
- examples/04-websocket-echo/README.md
- examples/04-websocket-echo/app.pl
- examples/05-sse-broadcaster/README.md
- examples/05-sse-broadcaster/app.pl
- examples/06-lifespan-state/README.md
- examples/06-lifespan-state/app.pl
- examples/07-extension-fullflush/README.md
- examples/07-extension-fullflush/app.pl
- examples/08-tls-introspection/README.md
- examples/08-tls-introspection/app.pl
- examples/09-psgi-bridge/README.md
- examples/09-psgi-bridge/app.pl
- examples/10-chat-showcase/README.md
- examples/10-chat-showcase/app.pl
- examples/10-chat-showcase/lib/ChatApp/HTTP.pm
- examples/10-chat-showcase/lib/ChatApp/SSE.pm
- examples/10-chat-showcase/lib/ChatApp/State.pm
- examples/10-chat-showcase/lib/ChatApp/WebSocket.pm
- examples/10-chat-showcase/public/css/style.css
- examples/10-chat-showcase/public/index.html
- examples/10-chat-showcase/public/js/app.js
- examples/11-job-runner/README.md
- examples/11-job-runner/app.pl
- examples/11-job-runner/lib/JobRunner/HTTP.pm
- examples/11-job-runner/lib/JobRunner/Jobs.pm
- examples/11-job-runner/lib/JobRunner/Queue.pm
- examples/11-job-runner/lib/JobRunner/SSE.pm
- examples/11-job-runner/lib/JobRunner/WebSocket.pm
- examples/11-job-runner/lib/JobRunner/Worker.pm
- examples/11-job-runner/public/css/style.css
- examples/11-job-runner/public/index.html
- examples/11-job-runner/public/js/app.js
- examples/12-utf8/README.md
- examples/12-utf8/app.pl
- examples/13-contact-form/README.md
- examples/13-contact-form/app.pl
- examples/13-contact-form/public/index.html
- examples/14-lifespan-utils/README.md
- examples/14-lifespan-utils/app.pl
- examples/README.md
- examples/app-01-file/README.md
- examples/app-01-file/app.pl
- examples/app-01-file/static/data.json
- examples/app-01-file/static/index.html
- examples/app-01-file/static/style.css
- examples/app-01-file/static/subdir/nested.txt
- examples/app-01-file/static/test.txt
- examples/background-tasks/README.md
- examples/background-tasks/app.pl
- examples/backpressure-test/README.md
- examples/backpressure-test/app.pl
- examples/endpoint-demo/README.md
- examples/endpoint-demo/app.pl
- examples/endpoint-demo/public/index.html
- examples/endpoint-router-demo/README.md
- examples/endpoint-router-demo/app.pl
- examples/endpoint-router-demo/lib/MyApp/API.pm
- examples/endpoint-router-demo/lib/MyApp/Main.pm
- examples/endpoint-router-demo/public/index.html
- examples/full-demo/README.md
- examples/full-demo/app.pl
- examples/sse-dashboard/README.md
- examples/sse-dashboard/app.pl
- examples/sse-dashboard/public/index.html
- examples/test-lifespan-shutdown/README.md
- examples/test-lifespan-shutdown/app.pl
- examples/websocket-chat-v2/README.md
- examples/websocket-chat-v2/app.pl
- examples/websocket-chat-v2/lib/ChatApp/HTTP.pm
- examples/websocket-chat-v2/lib/ChatApp/SSE.pm
- examples/websocket-chat-v2/lib/ChatApp/State.pm
- examples/websocket-chat-v2/lib/ChatApp/WebSocket.pm
- examples/websocket-echo-v2/README.md
- examples/websocket-echo-v2/app.pl
- examples/worker-pool-prototype.pl