A fast, light-weight web server for WAI applications.


Version on this page:3.2.13
LTS Haskell 22.17:3.3.31
Stackage Nightly 2024-04-19:3.3.31
Latest on Hackage:3.4.0

See all snapshots warp appears in

MIT licensed by Michael Snoyman, Kazu Yamamoto, Matt Brown
Maintained by [email protected]
This version can be pinned in stack with:warp-3.2.13@sha256:955c95b865c57925d69649cf5039ce14a7d0b810e0f911d8dd6504b4d1086360,8134

Module documentation for 3.2.13


Warp is a server library for HTTP/1.x and HTTP/2 based WAI(Web Application Interface in Haskell). For more information, see Warp.



  • Tickling HTTP/2 timer. 624
  • Guarantee atomicity of WINDOW_UPDATE increments 622
  • Relax HTTP2 headers check 621


  • If an empty string is set by setServerName, the Server header is not included in response headers #619

  • Don’t throw exceptions when closing a keep-alive connection #618

  • Move exception handling to top of thread (fixes #613)


  • Fixing 10 HTTP2 bugs pointed out by h2spec v2.


  • Add connFree to Connection. Close socket connections on timeout triggered. Timeout exceptions extend from SomeAsyncException. #602 #605


  • Fixing a space leak. #586


  • Fixing HTTP2 requestBodyLength. #573
  • Making HTTP/2 :path optional for the CONNECT method. #572
  • Adding new APIs for HTTP/2 trailers: http2dataTrailers and modifyHTTP2Data #566


  • Adding new APIs for HTTP/2 server push: getHTTP2Data and setHTTP2Data #510
  • Better accept(2) error handling #553
  • Adding getGracefulShutdownTimeout.
  • Add {test,}withApplicationSettings #531


  • Using token based APIs of http2 1.6.


  • Ignoring errors from setSocketOption. #526.


  • Added withApplication, testWithApplication, and openFreePort
  • Fixing reaper delay value of file info cache.


  • Using http2 v1.5.x which much improves the performance of HTTP/2.
  • To get rid of the bottleneck of ByteString’s (==), a new logic to compare header names is introduced.


  • Throwing errno for pread #499.
  • Makeing compilable on Windows #505.


  • Add back warpVersion


  • Major version up due to breaking changes. This is because the HTTP/2 code was started over with Warp 3.1.3 due to performance issue #470.
  • runHTTP2, runHTTP2Env, runHTTP2Settings and runHTTP2SettingsSocket were removed from the Network.Wai.Handler.Warp module.
  • The performance of HTTP/2 was drastically improved. Now the performance of HTTP/2 is almost the same as that of HTTP/1.1.
  • The logic to handle files in HTTP/2 is now identical to that in HTTP/1.1.
  • Internal stuff was removed from the Network.Wai.Handler.Warp module according to the plan.


  • Setting lower bound for auto-update #495


  • Providing a new API: killManager.
  • Preventing space leaks due to Weak ThreadId #488
  • Setting upper bound for http2.


  • setFileInfoCacheDuration
  • setLogger
  • FileInfo/getFileInfo
  • Fix: warp-tls strips out the Host request header #478


  • Using the new priority queue based on PSQ provided by http2 lib again.


  • Using the new priority queue based on PSQ provided by http2 lib.


  • A concatenated Cookie header is prepended to the headers to ensure that it flows pseudo headers. #454
  • Providing a new settings: setHTTP2Disabled #450


  • Adding back http-types 0.8 support #449


  • Using http-types v0.9.
  • Fixing build on OpenBSD. #428 #440
  • Fixing build on Windows. #438


  • Using newer http2 library to prevent change table size attacks.
  • API for HTTP/2 server push and trailers. #426
  • Preventing response splitting attacks. #435
  • Concatenating multiple Cookie: headers in HTTP/2.


  • Warp now supports blaze-builder v0.4 or later only.
  • HTTP/2 code was improved: dynamic priority change, efficient queuing and sender loop continuation. #423 #424


  • Configurable Slowloris size #418


  • Fixing a bug of HTTP/2 when no FD cache is used #411
  • Fixing a buffer-pool bug #406 #407


  • Supporting HTTP/2 #399
  • Cleaning up APIs #387

  • Remove dependency on the void package #375


  • Turn off file descriptor cache by default #371

  • Fix for: HEAD requests returning non-empty entity body #369


  • Only conditionally produce HTTP 100 Continue


  • Better HEAD support for files #357


  • Fix missing IORef tweak
  • Disable timeouts as soon as request body is fully consumed. This addresses the common case of a non-chunked request body. Previously, we would wait until a zero-length ByteString is returned, but that is suboptimal for some cases. For more information, see issue 351.
  • Add pauseTimeout function

  • Don’t serve a 416 status code for 0-length files keter issue #75
  • Don’t serve content-length for 416 responses #346

Fix support for old versions of bytestring

Add support for blaze-builder 0.4


  • Add runEnv: like run but uses $PORT #334


Support for PROXY protocol, such as used by Amazon ELB TCP. This is useful since, for example, Amazon ELB HTTP does not have support for Websockets. More information on the protocol is available from Amazon.


Added setFork.


Modify flushing of request bodies. Previously, regardless of the size of the request body, the entire body would be flushed. When uploading large files to a web app that does not accept such files (e.g., returns a 413 too large status), browsers would still send the entire request body and the servers will still receive it.

The new behavior is to detect if there is a large amount of data still to be consumed and, if so, immediately terminate the connection. In the case of chunked request bodies, up to a maximum number of bytes is consumed before the connection is terminated.

This is controlled by the new setting setMaximumBodyFlush. A value of @Nothing@ will return the original behavior of flushing the entire body.


WAI no longer uses conduit for its streaming interface.


The onOpen and onClose settings now provide the SockAddr of the client, and onOpen can return a Bool which will close the connection. The responseRaw response has been added, which provides a more elegant way to handle WebSockets than the previous settingsIntercept. The old settings accessors have been deprecated in favor of new setters, which will allow settings changes to be made in the future without breaking backwards compatibility.


ResourceT is not used anymore. Request and Response is now abstract data types. To use their constructors, Internal module should be imported.


Support for byte range requests.


Sockets now have FD_CLOEXEC set on them. This behavior is more secure, and the change should not affect the vast majority of use cases. However, it appeared that this is buggy and is fixed in 2.0.0.