Migrating to Responder 5.0¶
Responder 5 layers fully type-driven request/response I/O, composable dependency
injection, plan-driven OpenAPI, secure-by-default sessions, and a deferred
middleware stack onto the unchanged (req, resp) core. The new typed features
are additive sugar — your existing handlers keep working — but v5 makes a
handful of deliberate breaking changes, listed here with the one-line fix.
Sessions¶
Change |
What to do |
|---|---|
|
Set |
|
Generate a real key: |
Session cookies are |
No action behind a TLS proxy; pass |
|
Re-enable sessions, or stop reading the session under the explicit opt-out. |
|
Provide a key, or use |
Server-side sessions now slide their TTL via touch/atouch on read-only
requests (no behavior change for you; implement touch on a custom backend for
the cheaper path).
req.method is uppercase¶
req.method now returns "GET", not "get" (matching Flask/FastAPI/Starlette).
For one deprecation cycle it compares case-insensitively, so req.method == "get"
keeps working with a DeprecationWarning. Uppercase your literals.
Hash-based membership is the one thing the shim can’t save: req.method in {"get"}
and {"get": …}[req.method] miss silently — use ==, a tuple/list, or
uppercase keys.
Middleware & errors¶
Change |
What to do |
|---|---|
|
Mutate via |
User middleware now sits inside |
Its exceptions are now caught and rendered as |
Session writes are not persisted on an unhandled |
Persist explicitly before raising if you need it. |
X-Request-ID now appears on error/500 responses too, and
api.add_exception_handler(exc_or_status, handler) is now a first-class method.
Typed handler I/O¶
Change |
What to do |
|---|---|
A Pydantic return annotation ( |
Make the returned dict conform, or pass |
A body-model parameter beats a same-named dependency |
Rename the dependency, or give the parameter a default. |
|
Only affects |
New: def search(req, resp, *, q: str = Query(...), token: str = Header(None))
injects validated query params, headers, cookies, and path params.
Dependency injection¶
Change |
What to do |
|---|---|
A provider receives the request only via a |
Rename a nonstandard request parameter to |
|
Rename any dependency registered under these. |
Misconfigured graphs raise |
Cycles, unknown params, and scope violations now surface as |
New: a provider can depend on other providers (recursive, memoized, reverse-topological teardown, cycle detection).
OpenAPI¶
Change |
What to do |
|---|---|
Routes without a docstring/model now appear in the schema |
Pass |
Docstring YAML is deep-merged onto a generated base |
Fully-specified docstrings are unaffected; the generated parameters/request/response are added underneath. |
The spec is now generated from each route’s methods, models, and
Query/Header/Cookie markers, with an automatic 422 for validating routes.