UNPKG

3.94 kBMarkdownView Raw
1# Changelog
2
3## 3.4.0 - 2021-05-02
4
5### Added
6
7- New `useDefaults` option, defaulting to `false`, lets you selectively override defaults more easily
8
9## 3.3.1 - 2020-12-27
10
11### Fixed
12
13- Broken TypeScript types. See [#283](https://github.com/helmetjs/helmet/issues/283)
14
15## 3.3.0 - 2020-12-27
16
17### Added
18
19- Setting the `default-src` to `contentSecurityPolicy.dangerouslyDisableDefaultSrc` disables it
20
21## 3.2.0 - 2020-11-01
22
23### Added
24
25- Get the default directives with `contentSecurityPolicy.getDefaultDirectives()`
26
27## 3.1.0 - 2020-08-15
28
29### Added
30
31- Directive values can now include functions, as they could in Helmet 3. See [#243](https://github.com/helmetjs/helmet/issues/243)
32
33## 3.0.0 - 2020-08-02
34
35### Added
36
37- If no `default-src` directive is supplied, an error is thrown
38- Directive lists can be any iterable, not just arrays
39
40### Changed
41
42- There is now a default set of directives if none are supplied
43- Duplicate keys now throw an error. See [helmetjs/csp#73](https://github.com/helmetjs/csp/issues/73)
44- This middleware is more lenient, allowing more directive names or values
45
46### Removed
47
48- Removed browser sniffing (including the `browserSniff` parameter). See [#97](https://github.com/helmetjs/csp/issues/97)
49- Removed conditional support. This includes directive functions and support for a function as the `reportOnly`. [Read this if you need help.](https://github.com/helmetjs/helmet/wiki/Conditionally-using-middleware)
50- Removed a lot of checks—you should be checking your CSP with a different tool
51- Removed support for legacy headers (and therefore the `setAllHeaders` parameter). [Read this if you need help.](https://github.com/helmetjs/helmet/wiki/Setting-legacy-Content-Security-Policy-headers-in-Helmet-4)
52- Dropped support for old Node versions. Node 10+ is now required
53- Removed the `loose` option
54- Removed support for functions as directive values. You must supply an iterable of strings
55- Removed the `disableAndroid` option
56
57## 2.9.5 - 2020-02-22
58
59### Changed
60
61- Updated `bowser` subdependency from 2.7.0 to 2.9.0
62
63### Fixed
64
65- Fixed an issue some people were having when importing the `bowser` subdependency. See [#96](https://github.com/helmetjs/csp/issues/96) and [#101](https://github.com/helmetjs/csp/pull/101)
66- Fixed a link in the readme. See [#100](https://github.com/helmetjs/csp/pull/100)
67
68## 2.9.4 - 2019-10-21
69
70### Changed
71
72- Updated `bowser` subdependency from 2.6.1 to 2.7.0. See [#94](https://github.com/helmetjs/csp/pull/94)
73
74## 2.9.3 - 2019-09-30
75
76### Fixed
77
78- Published a missing TypeScript type definition file. See [#90](https://github.com/helmetjs/csp/issues/90)
79
80## 2.9.2 - 2019-09-20
81
82### Fixed
83
84- Fixed a bug where a request from Firefox 4 could delete `default-src` from future responses
85- Fixed tablet PC detection by updating `bowser` subdependency to latest version
86
87## 2.9.1 - 2019-09-04
88
89### Changed
90
91- Updated `bowser` subdependency from 2.5.3 to 2.5.4. See [#88](https://github.com/helmetjs/csp/pull/88)
92
93### Fixed
94
95- The "security" keyword was declared twice in package metadata. See [#87](https://github.com/helmetjs/csp/pull/87)
96
97## 2.9.0 - 2019-08-28
98
99### Added
100
101- Added TypeScript type definitions. See [#86](https://github.com/helmetjs/csp/pull/86)
102
103### Fixed
104
105- Switched from `platform` to `bowser` to quiet a security vulnerability warning. See [#80](https://github.com/helmetjs/csp/issues/80)
106
107## 2.8.0 - 2019-07-24
108
109### Added
110
111- Added a new `sandbox` directive, `allow-downloads-without-user-activation` (see [#85](https://github.com/helmetjs/csp/pull/85))
112- Created a changelog
113- Added some package metadata
114
115### Changed
116
117- Updated documentation to use ES2015
118- Updated documentation to remove dependency on UUID package
119- Updated `content-security-policy-builder` to 2.1.0
120- Excluded some files from the npm package
121
122Changes in versions 2.7.1 and below can be found in [Helmet's changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md).