Skip to main content

2 posts tagged with "security"

View All Tags

Extractors Guide for Middleware

ยท 6 min read
Fiber Team
Maintainers

Security bugs in middleware are often not algorithm bugs. They are extraction-policy bugs.

One component reads bearer tokens from headers, another falls back to query parameters first, a third uses cookie-first behavior. Each of these can work in isolation, but together they create inconsistent security posture. During an auth migration, the problem multiplies: old services use one extraction path, new services use another, and nobody is sure which fallback order is actually active in production.

The extractors package in Fiber v3 exists to solve this. It gives middleware a shared, composable API for declaring where values come from and in what order, so extraction policy is explicit and reviewable rather than scattered across handler code.

RFC Conformance in Practice

ยท 6 min read
Fiber Team
Maintainers

RFC conformance can sound abstract until you run a real production stack.

Your service is not only interacting with one client. It is sitting behind load balancers, reverse proxies, CDNs, API gateways, browsers, mobile clients, and internal automation tools. A cookie that works in Chrome but breaks in Safari, a cache header that your CDN interprets differently than you intended, an authorization header that your proxy strips because it does not match the expected format โ€” these are real incidents that happen because of small protocol deviations.

Fiber v3 addresses this with specific improvements to cookie handling, context behavior, response semantics, and connection management, each tied to concrete RFCs. This post walks through what changed and why it matters operationally.