What's new in http-server v0.12?

http-server has gone a while without a substantial release, despite issues and PR's coming in at full force. Unfortunately, the core team is small, only three devs, and we all have busy lives and full-time careers. But, we've been able to pull together a major release, with some interesting improvements.

Ecstatic v4

One of the largest set of changes is improvements to the underlying project, ecstatic, which recently reached version 4.0.0, and has had a few patch releases since. For http-server, the most important improvements include:

  • Ability to override MIME types with a .types file
  • Improved charset detection
  • Improved accuracy when checking if gzip responses are allowed
  • Elimination of a file descriptor leak
  • Elimination of a DOS vulnerability

Brotli encoding

In addition to gzip compression, http-server can now serve Brotli encoded content. This provides better compression ratios than gzip for many types of content, especially text-based assets like HTML, CSS, and JavaScript.

.httpserverrc settings file

This improvement has been a long time coming, with the original PR opened at the start of 2015! We know passing switches can become cumbersome when automating starting up a server, so now it's a bit easier.

By using a .httpserverrc file in the directory to be served. The file is simple JSON and uses the same switch arguments as the CLI. This is one of my personal favorite improvements!

Here's an example .httpserverrc file: 

{
  "port": 8080,
  "cache": 3600,
  "cors": true,
  "log-ip": true
}

--find-port

If the port given with the -p switch is not available, this new switch will allow the server to automatically find a free port to bind to. No more "port already in use" errors when you just want to get a server running quickly!

Support for HTTP basic access authentication

http-server now supports basic authentication by passing --username and --password switches, which the client must authenticate with. This is useful for protecting development servers or staging environments.

Client IP logging

By passing the --log-ip option, the client's IP is logged to stdout. This can be helpful for debugging or monitoring which clients are accessing your server.

Improved handling of proxy errors

Previously, proxy errors had the potential to crash the server with an unhelpful error message. Now, the server logs the error (and status code) and continues without a crash. Much more robust for production use.

Other improvements

  • Aggressive no-cache when the cache option is set to -1
  • A clever hack for a catch-all redirect (useful for single page apps) was added to the Readme page
  • Fixed some issues with the -o [path] switch
  • Better test messaging on some types of errors
  • Cleaner handling of setting options behind the scenes

We're excited to get this release out to the community. The combination of these improvements should make http-server more robust, feature-rich, and easier to use. Keep an eye on the GitHub repository for the official release announcement!