Skip to content

Latest commit

Β 

History

History
183 lines (123 loc) Β· 11.7 KB

CHANGELOG.md

File metadata and controls

183 lines (123 loc) Β· 11.7 KB

Changelog

v2.0.3 (2022-01-02)

πŸ› Bug Fix

Committers: 1

v2.0.2 (2021-12-20)

πŸ› Bug Fix

  • #271 Fastboot instance initializer throws if reportOnly config is false (@JoeyBG)

Committers: 1

v2.0.1 (2021-12-13)

πŸ› Bug Fix

🏠 Internal

  • #272 use a recent fastboot version in tests (@jelhan)

Committers: 2

v2.0.0 (2021-11-12)

v2.0.0 is the same as last pre-release (v2.0.0-5). It does not include any additional changes.

v2.0.0-5 (2021-10-28)

πŸ’₯ Breaking Change

πŸ› Bug Fix

  • #249 use environment from appConfig instead of deriving it ourselves (@jelhan)

πŸ“ Documentation

🏠 Internal

Committers: 3

v2.0.0-4 (2021-05-06)

πŸ› Bug Fix

  • #201 Support Ember CLI >= 3.26.0 and match injected script element by all supported Ember CLI versions with same RegExp (@snewcomer)

Committers: 1

v2.0.0-3 (2021-04-16)

πŸ› Bug Fix

πŸ“ Documentation

  • #195 Fix typo form-ancestors -> frame-ancestors in readme (@nicomihalich)
  • #188 remove duplicated entry in config interface documentation (@jelhan)

Committers: 4

v2.0.0-2 (2021-01-09)

πŸ› Bug Fix

  • #172 remove report-uri from policy delivered through meta (@jelhan)
  • #152 append frame-src config in test mode (@chbonser)
  • #158 Support live reload and add optional debug log (@jelhan)
  • #156 Remove existing 'none' keyword when applying to source list (@jelhan)

πŸ“ Documentation

🏠 Internal

Committers: 4

v2.0.0-1 (2020-04-15)

πŸ› Bug Fix

  • #143 development server should use config for test if serving /tests/ (@jelhan)

Committers: 1

v2.0.0-0 (2020-04-13)

This releases cumulates the work of 1 1/2 years. Main changes are:

  • It allows projects to test for CSP compliance.
  • It integrates with Ember FastBoot to set CSP header in FastBoot App Server.
  • It moves it's own configuration to config/content-security-policy.js and avoids injecting unnecessary configuration into run-time.
  • It introduces tests for it's own implementation to avoid regressions and increase stability.

The existing configuration syntax in config/environment.js is still supported but deprecated. You are recommended to migrate your configuration to config/content-security-policy.js as soon as possible. The deprecation guide contains migration instructions.

πŸ’₯ Breaking Change

  • #135 Do not set X-Content-Security-Policy header (@jelhan)
  • #107 Ensure csp-headers command emits to standard out (to allow for piping into other programs) (@Exelord)
  • #130 Drop Node 8, 9, and 11 support. (@rwjblue)
  • #87 Drop Ember CLI < 2.13 and Node 4 support (@loganrosen)

πŸš€ Enhancement

  • #91 Add ability to fail application / addon tests when a CSP violation is detected. (@jelhan)
  • #113 Set CSP header in FastBoot (@jelhan)
  • #104 Move config to config/content-security-policy.js (@jelhan) Previous Iterations:
    • #94 Refactor configuration to use ember-cli-content-security-policy (instead of contentSecurityPolicy) (@jelhan)
    • #97 Allow configuration to be specified in ember-cli-build.js (@jelhan)
  • #101 Avoid merging policies in build time configuration (@jelhan)
  • #84 Add option to output raw CSP (Closes #81) (@YoranBrondsema)
  • #121 Inject runtime config only if needed (if FastBoot dependency exists) (@jelhan)

πŸ› Bug Fix

  • #122 Consistent test results regardless of environment (@jelhan)
  • #134 Prevent unnecessary meta + reportOnly warning (@reidab)
  • #136 Do not override existing CSP headers in fastboot (@jelhan)
  • #129 Set status-code to 204 (no content) (@sandstrom)
  • #128 Don't add nonce to script-src when it already contains 'unsafe-inline' (@joukevandermaas)
  • #109 Fix support for --live-reload-host option (@jelhan)
  • #107 Ensure csp-headers command emits to standard out (to allow for piping into other programs) (@Exelord)
  • #96 Fix inconsistency between meta element and HTTP header regarding live reload support (@jelhan)
  • #95 Remove trailing whitespace from generated CSP string (@jelhan)

πŸ“ Documentation

🏠 Internal

Committers: 8