v2.0.3 (2022-01-02)

:bug: Bug Fix

• #277 Fixing tiny typo in deprecation-warning (@GabrielCousin)

Committers: 1

• Gabriel Cousin (@GabrielCousin)

v2.0.2 (2021-12-20)

:bug: Bug Fix

• #271 Fastboot instance initializer throws if reportOnly config is false (@JoeyBG)

Committers: 1

• Joey Bolduc-Gilbert (@JoeyBG)

v2.0.1 (2021-12-13)

:bug: Bug Fix

• #274 fix: pass environment into readConfig (@guidojw)

:house: Internal

• #272 use a recent fastboot version in tests (@jelhan)

Committers: 2

• Guido de Jong (@guidojw)
• Jeldrik Hanschke (@jelhan)

v2.0.0 (2021-11-12)

v2.0.0 is the same as last pre-release (v2.0.0-5). It does not include any additional changes.

v2.0.0-5 (2021-10-28)

:boom: Breaking Change

• #243 drop support for node 10 (@jelhan)

:bug: Bug Fix

• #249 use environment from appConfig instead of deriving it ourselves (@jelhan)

:memo: Documentation

• #246 document Embroider compatiblity (@jelhan)

:house: Internal

• #198 Update Ember CLI blueprints to 3.26.0 (@snewcomer)
• #202 Run scenarios with expected Ember CLI version (@jelhan)

Committers: 3

• Jeldrik Hanschke (@jelhan)
• Scott Newcomer (@snewcomer)
• @dependabot-preview[bot]

v2.0.0-4 (2021-05-06)

:bug: Bug Fix

• #201 Support Ember CLI >= 3.26.0 and match injected script element by all supported Ember CLI versions with same RegExp (@snewcomer)

Committers: 1

• Scott Newcomer (@snewcomer)

v2.0.0-3 (2021-04-16)

:bug: Bug Fix

• #197 Support Ember CLI >= 3.25.1 (@snewcomer)

:memo: Documentation

• #195 Fix typo form-ancestors -> frame-ancestors in readme (@nicomihalich)
• #188 remove duplicated entry in config interface documentation (@jelhan)

Committers: 4

• Jeldrik Hanschke (@jelhan)
• Nico Mihalich (@nicomihalich)
• Scott Newcomer (@snewcomer)
• @dependabot-preview[bot]

v2.0.0-2 (2021-01-09)

:bug: Bug Fix

• #172 remove report-uri from policy delivered through meta (@jelhan)
• #152 append frame-src config in test mode (@chbonser)
• #158 Support live reload and add optional debug log (@jelhan)
• #156 Remove existing 'none' keyword when applying to source list (@jelhan)

:memo: Documentation

• #160 doc: updated default mixpanel config (@MichalBryxi)

:house: Internal

• #170 migrate from TravisCI to GitHub Actions (@jelhan)
• #164 test that addon does not break newly generated projects (@jelhan)
• #162 setup Prettier (@zg3d)
• #161 run tests against untouched package (@jelhan)
• #154 refactor tests to use Ember Addon Tests (@jelhan)

Committers: 4

• Chris Bonser (@chbonser)
• Devansh Shah (@zg3d)
• Jeldrik Hanschke (@jelhan)
• Michal Bryxí (@MichalBryxi)

v2.0.0-1 (2020-04-15)

:bug: Bug Fix

• #143 development server should use config for test if serving /tests/ (@jelhan)

Committers: 1

• Jeldrik Hanschke (@jelhan)

v2.0.0-0 (2020-04-13)

This releases cumulates the work of 1 1/2 years. Main changes are:

• It allows projects to test for CSP compliance.
• It integrates with Ember FastBoot to set CSP header in FastBoot App Server.
• It moves it's own configuration to config/content-security-policy.js and avoids injecting unnecessary configuration into run-time.
• It introduces tests for it's own implementation to avoid regressions and increase stability.

The existing configuration syntax in config/environment.js is still supported but deprecated. You are recommended to migrate your configuration to config/content-security-policy.js as soon as possible. The deprecation guide contains migration instructions.

:boom: Breaking Change

• #135 Do not set X-Content-Security-Policy header (@jelhan)
• #107 Ensure csp-headers command emits to standard out (to allow for piping into other programs) (@Exelord)
• #130 Drop Node 8, 9, and 11 support. (@rwjblue)
• #87 Drop Ember CLI < 2.13 and Node 4 support (@loganrosen)

:rocket: Enhancement

• #91 Add ability to fail application / addon tests when a CSP violation is detected. (@jelhan)
• #113 Set CSP header in FastBoot (@jelhan)
• #104 Move config to config/content-security-policy.js (@jelhan) Previous Iterations:
  • #94 Refactor configuration to use ember-cli-content-security-policy (instead of contentSecurityPolicy) (@jelhan)
  • #97 Allow configuration to be specified in ember-cli-build.js (@jelhan)
• #101 Avoid merging policies in build time configuration (@jelhan)
• #84 Add option to output raw CSP (Closes #81) (@YoranBrondsema)
• #121 Inject runtime config only if needed (if FastBoot dependency exists) (@jelhan)

:bug: Bug Fix

• #122 Consistent test results regardless of environment (@jelhan)
• #134 Prevent unnecessary meta + reportOnly warning (@reidab)
• #136 Do not override existing CSP headers in fastboot (@jelhan)
• #129 Set status-code to 204 (no content) (@sandstrom)
• #128 Don't add nonce to script-src when it already contains 'unsafe-inline' (@joukevandermaas)
• #109 Fix support for --live-reload-host option (@jelhan)
• #107 Ensure csp-headers command emits to standard out (to allow for piping into other programs) (@Exelord)
• #96 Fix inconsistency between meta element and HTTP header regarding live reload support (@jelhan)
• #95 Remove trailing whitespace from generated CSP string (@jelhan)

:memo: Documentation

• #108 Upgrade deprecation message for legacy configuration (@jelhan)
• #102 Add a deprecation guide (@jelhan)

:house: Internal

• #115 Run tests against different Ember CLI versions in CI (@jelhan)
• #131 Add automated release setup. (@rwjblue)
• #126 Upgrade dependencies (@jelhan)

Committers: 8

• Jeldrik Hanschke (@jelhan)
• Jouke van der Maas (@joukevandermaas)
• Logan Rosen (@loganrosen)
• Maciej Kwaśniak (@Exelord)
• Reid Beels (@reidab)
• Robert Jackson (@rwjblue)
• Yoran Brondsema (@YoranBrondsema)
• @sandstrom