- #277 Fixing tiny typo in deprecation-warning (@GabrielCousin)
- Gabriel Cousin (@GabrielCousin)
- Joey Bolduc-Gilbert (@JoeyBG)
v2.0.0 is the same as last pre-release (v2.0.0-5). It does not include any additional changes.
- #198 Update Ember CLI blueprints to 3.26.0 (@snewcomer)
- #202 Run scenarios with expected Ember CLI version (@jelhan)
- Jeldrik Hanschke (@jelhan)
- Scott Newcomer (@snewcomer)
- @dependabot-preview[bot]
- #201 Support Ember CLI >= 3.26.0 and match injected script element by all supported Ember CLI versions with same RegExp (@snewcomer)
- Scott Newcomer (@snewcomer)
- #197 Support Ember CLI >= 3.25.1 (@snewcomer)
- #195 Fix typo
form-ancestors
->frame-ancestors
in readme (@nicomihalich) - #188 remove duplicated entry in config interface documentation (@jelhan)
- Jeldrik Hanschke (@jelhan)
- Nico Mihalich (@nicomihalich)
- Scott Newcomer (@snewcomer)
- @dependabot-preview[bot]
- #172 remove report-uri from policy delivered through meta (@jelhan)
- #152 append frame-src config in test mode (@chbonser)
- #158 Support live reload and add optional debug log (@jelhan)
- #156 Remove existing 'none' keyword when applying to source list (@jelhan)
- #160 doc: updated default mixpanel config (@MichalBryxi)
- #170 migrate from TravisCI to GitHub Actions (@jelhan)
- #164 test that addon does not break newly generated projects (@jelhan)
- #162 setup Prettier (@zg3d)
- #161 run tests against untouched package (@jelhan)
- #154 refactor tests to use Ember Addon Tests (@jelhan)
- Chris Bonser (@chbonser)
- Devansh Shah (@zg3d)
- Jeldrik Hanschke (@jelhan)
- Michal BryxΓ (@MichalBryxi)
- Jeldrik Hanschke (@jelhan)
This releases cumulates the work of 1 1/2 years. Main changes are:
- It allows projects to test for CSP compliance.
- It integrates with Ember FastBoot to set CSP header in FastBoot App Server.
- It moves it's own configuration to
config/content-security-policy.js
and avoids injecting unnecessary configuration into run-time. - It introduces tests for it's own implementation to avoid regressions and increase stability.
The existing configuration syntax in config/environment.js
is still supported but deprecated. You are recommended to migrate your configuration to config/content-security-policy.js
as soon as possible. The deprecation guide contains migration instructions.
- #135 Do not set X-Content-Security-Policy header (@jelhan)
- #107 Ensure
csp-headers
command emits to standard out (to allow for piping into other programs) (@Exelord) - #130 Drop Node 8, 9, and 11 support. (@rwjblue)
- #87 Drop Ember CLI < 2.13 and Node 4 support (@loganrosen)
- #91 Add ability to fail application / addon tests when a CSP violation is detected. (@jelhan)
- #113 Set CSP header in FastBoot (@jelhan)
- #104 Move config to config/content-security-policy.js (@jelhan) Previous Iterations:
- #101 Avoid merging policies in build time configuration (@jelhan)
- #84 Add option to output raw CSP (Closes #81) (@YoranBrondsema)
- #121 Inject runtime config only if needed (if FastBoot dependency exists) (@jelhan)
- #122 Consistent test results regardless of environment (@jelhan)
- #134 Prevent unnecessary meta + reportOnly warning (@reidab)
- #136 Do not override existing CSP headers in fastboot (@jelhan)
- #129 Set status-code to 204 (no content) (@sandstrom)
- #128 Don't add nonce to script-src when it already contains 'unsafe-inline' (@joukevandermaas)
- #109 Fix support for --live-reload-host option (@jelhan)
- #107 Ensure
csp-headers
command emits to standard out (to allow for piping into other programs) (@Exelord) - #96 Fix inconsistency between meta element and HTTP header regarding live reload support (@jelhan)
- #95 Remove trailing whitespace from generated CSP string (@jelhan)
- #108 Upgrade deprecation message for legacy configuration (@jelhan)
- #102 Add a deprecation guide (@jelhan)
- #115 Run tests against different Ember CLI versions in CI (@jelhan)
- #131 Add automated release setup. (@rwjblue)
- #126 Upgrade dependencies (@jelhan)
- Jeldrik Hanschke (@jelhan)
- Jouke van der Maas (@joukevandermaas)
- Logan Rosen (@loganrosen)
- Maciej KwaΕniak (@Exelord)
- Reid Beels (@reidab)
- Robert Jackson (@rwjblue)
- Yoran Brondsema (@YoranBrondsema)
- @sandstrom