# 1.2.0

## Features

### `:ssrf_filter` plugin

The `:ssrf_filter` plugin prevents server-side request forgery attacks, by blocking requests to the internal network. This is useful when the URLs used to perform requests aren’t under the developer control (such as when they are inserted via a web application form).

```ruby
http = HTTPX.plugin(:ssrf_filter)

# this works
response = http.get("https://example.com")

# this doesn't
response = http.get("http://localhost:3002")
response = http.get("http://[::1]:3002")
response = http.get("http://169.254.169.254/latest/meta-data/")
```

More info under https://honeyryderchuck.gitlab.io/httpx/wiki/SSRF-Filter

### `:callbacks` plugin

The session callbacks introduced in v0.24.0 are in its own plugin. Older code will still work and emit a deprecation warning.

More info under https://honeyryderchuck.gitlab.io/httpx/wiki/Callbacks

### `:redirect_on` option for `:follow_redirects` plugin

This option allows passing a callback which, when returning `false`, can interrupt the redirect loop.

```ruby
http = HTTPX.plugin(:follow_redirects).with(redirect_on: ->(location_uri) { BLACKLIST_HOSTS.include?(location_uri.host) })
```

### `:close_on_handshake_timeout` timeout

A new `:timeout` option, `:close_handshake_timeout`, is added, which monitors connection readiness when performing HTTP/2 connection termination handshake.

## Improvements

* Internal "eden connections" concept was removed, and connection objects are now kept-and-reused during the lifetime of a session, even when closed. This simplified connectio pool implementation and improved performance.
* request using `:proxy` and `:retries` plugin enabled sessions will now retry on proxy connection establishment related errors.

## Bugfixes

* webmock adapter: mocked responses storing decoded payloads won't try to decode them again (fixes vcr/webmock integrations).
* webmock adapter: fix issue related with making real requests over webmock-enabled connection.