1 | # Changelog
|
2 |
|
3 | ## 3.4.0 - 2021-05-02
|
4 |
|
5 | ### Added
|
6 |
|
7 | - New `useDefaults` option, defaulting to `false`, lets you selectively override defaults more easily
|
8 |
|
9 | ## 3.3.1 - 2020-12-27
|
10 |
|
11 | ### Fixed
|
12 |
|
13 | - Broken TypeScript types. See [#283](https://github.com/helmetjs/helmet/issues/283)
|
14 |
|
15 | ## 3.3.0 - 2020-12-27
|
16 |
|
17 | ### Added
|
18 |
|
19 | - Setting the `default-src` to `contentSecurityPolicy.dangerouslyDisableDefaultSrc` disables it
|
20 |
|
21 | ## 3.2.0 - 2020-11-01
|
22 |
|
23 | ### Added
|
24 |
|
25 | - Get the default directives with `contentSecurityPolicy.getDefaultDirectives()`
|
26 |
|
27 | ## 3.1.0 - 2020-08-15
|
28 |
|
29 | ### Added
|
30 |
|
31 | - Directive values can now include functions, as they could in Helmet 3. See [#243](https://github.com/helmetjs/helmet/issues/243)
|
32 |
|
33 | ## 3.0.0 - 2020-08-02
|
34 |
|
35 | ### Added
|
36 |
|
37 | - If no `default-src` directive is supplied, an error is thrown
|
38 | - Directive lists can be any iterable, not just arrays
|
39 |
|
40 | ### Changed
|
41 |
|
42 | - There is now a default set of directives if none are supplied
|
43 | - Duplicate keys now throw an error. See [helmetjs/csp#73](https://github.com/helmetjs/csp/issues/73)
|
44 | - This middleware is more lenient, allowing more directive names or values
|
45 |
|
46 | ### Removed
|
47 |
|
48 | - Removed browser sniffing (including the `browserSniff` parameter). See [#97](https://github.com/helmetjs/csp/issues/97)
|
49 | - Removed conditional support. This includes directive functions and support for a function as the `reportOnly`. [Read this if you need help.](https://github.com/helmetjs/helmet/wiki/Conditionally-using-middleware)
|
50 | - Removed a lot of checks—you should be checking your CSP with a different tool
|
51 | - Removed support for legacy headers (and therefore the `setAllHeaders` parameter). [Read this if you need help.](https://github.com/helmetjs/helmet/wiki/Setting-legacy-Content-Security-Policy-headers-in-Helmet-4)
|
52 | - Dropped support for old Node versions. Node 10+ is now required
|
53 | - Removed the `loose` option
|
54 | - Removed support for functions as directive values. You must supply an iterable of strings
|
55 | - Removed the `disableAndroid` option
|
56 |
|
57 | ## 2.9.5 - 2020-02-22
|
58 |
|
59 | ### Changed
|
60 |
|
61 | - Updated `bowser` subdependency from 2.7.0 to 2.9.0
|
62 |
|
63 | ### Fixed
|
64 |
|
65 | - Fixed an issue some people were having when importing the `bowser` subdependency. See [#96](https://github.com/helmetjs/csp/issues/96) and [#101](https://github.com/helmetjs/csp/pull/101)
|
66 | - Fixed a link in the readme. See [#100](https://github.com/helmetjs/csp/pull/100)
|
67 |
|
68 | ## 2.9.4 - 2019-10-21
|
69 |
|
70 | ### Changed
|
71 |
|
72 | - Updated `bowser` subdependency from 2.6.1 to 2.7.0. See [#94](https://github.com/helmetjs/csp/pull/94)
|
73 |
|
74 | ## 2.9.3 - 2019-09-30
|
75 |
|
76 | ### Fixed
|
77 |
|
78 | - Published a missing TypeScript type definition file. See [#90](https://github.com/helmetjs/csp/issues/90)
|
79 |
|
80 | ## 2.9.2 - 2019-09-20
|
81 |
|
82 | ### Fixed
|
83 |
|
84 | - Fixed a bug where a request from Firefox 4 could delete `default-src` from future responses
|
85 | - Fixed tablet PC detection by updating `bowser` subdependency to latest version
|
86 |
|
87 | ## 2.9.1 - 2019-09-04
|
88 |
|
89 | ### Changed
|
90 |
|
91 | - Updated `bowser` subdependency from 2.5.3 to 2.5.4. See [#88](https://github.com/helmetjs/csp/pull/88)
|
92 |
|
93 | ### Fixed
|
94 |
|
95 | - The "security" keyword was declared twice in package metadata. See [#87](https://github.com/helmetjs/csp/pull/87)
|
96 |
|
97 | ## 2.9.0 - 2019-08-28
|
98 |
|
99 | ### Added
|
100 |
|
101 | - Added TypeScript type definitions. See [#86](https://github.com/helmetjs/csp/pull/86)
|
102 |
|
103 | ### Fixed
|
104 |
|
105 | - Switched from `platform` to `bowser` to quiet a security vulnerability warning. See [#80](https://github.com/helmetjs/csp/issues/80)
|
106 |
|
107 | ## 2.8.0 - 2019-07-24
|
108 |
|
109 | ### Added
|
110 |
|
111 | - Added a new `sandbox` directive, `allow-downloads-without-user-activation` (see [#85](https://github.com/helmetjs/csp/pull/85))
|
112 | - Created a changelog
|
113 | - Added some package metadata
|
114 |
|
115 | ### Changed
|
116 |
|
117 | - Updated documentation to use ES2015
|
118 | - Updated documentation to remove dependency on UUID package
|
119 | - Updated `content-security-policy-builder` to 2.1.0
|
120 | - Excluded some files from the npm package
|
121 |
|
122 | Changes in versions 2.7.1 and below can be found in [Helmet's changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md).
|