Allow the Authorization header to be used on CORS requests
Disallow unused methods like PUT and DELETE on CORS requests
Stop IE prematurely garbage-collecting XDomainRequest objects
Make sure messages can be sent if they overflow the request size limit and the outbox is empty
Don't send messages over WebSockets unless they are in the 'open' ready-state
Fix a bug preventing use of the in-process transport in Ruby

1.1.1

Diff

jcoglan

published 1.1.1 • 10 years ago

Changelog

Source

1.1.1 / 2015-02-25

Make sure the client ID associated with a WebSocket is not dropped, so the socket can be closed properly
Handle cases where a JSON-P endpoint returns no response argument
Stop trying to retry messages after the client has been disconnected
Remove duplication of the client ID in EventSource URLs

1.1.0

Diff

jcoglan

published 1.1.0 • 10 years ago

Changelog

Source

1.1.0 / 2014-12-22

Allow the server and client to use WebSocket extensions, for example permessage-deflate
Support the HTTP_PROXY and HTTPS_PROXY environment variables to send all client connections through an HTTP proxy
Introduce the Scheduler API to allow the user to control message retries
Add the attempts and deadline options to Client#publish()
Let RackAdapter take a block that yields the instance, so extensions can be added to middleware
Allow monitoring listeners to see the clientId on publishd messages but still avoid sending it to subscribers
Return a promise from Client#disconnect()
Fix client-side retry bugs causing the client to flood the server with duplicate messages
Send all transport types in the supportedConnectionTypes handshake parameter
Don't close WebSockets when the client recovers from an error and sends a new clientId
Replace cookiejar with tough-cookie to avoid global variable leaks

0.8.11

Diff

jcoglan

published 0.8.11 • 10 years ago

Changelog

Source

0.8.11 / 2014-07-08

Make some changes to JSON-P responses to mitigate the Rosetta Flash attack
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/

1.0.3

Diff

jcoglan

published 1.0.3 • 10 years ago

Changelog

Source

1.0.3 / 2014-07-08

Make some changes to JSON-P responses to mitigate the Rosetta Flash attack
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/

1.0.1

Diff

jcoglan

published 1.0.1 • 11 years ago

Changelog

Source

1.0.1 / 2013-12-10

Add Adapter#close() method for gracefully shutting down the server
Fix error recover bug in WebSocket that made transport cycle through up/down state
Update Promise implementation to pass promises-aplus-tests 2.0
Correct some incorrect variable names in the Ruby transports
Make logging methods public to fix a problem on Ruby 2.1

1.0.0

Diff

jcoglan

published 1.0.0 • 11 years ago

Changelog

Source

1.0.0 / 2013-10-01

Client changes:
- Allow clients to be instantiated with URI objects rather than strings
- Add a ca option to the Node Client class for passing in trusted server certificates
- Objects supporting the callback() method in JavaScript are now Promises
- Fix protocol-relative URI parsing in the client
- Remove the getClientId() and getState() methods from the Client class
Transport changes:
- Add request-size limiting to all batching transports
- Make the WebSocket transport more robust against quiet network periods and clients going to sleep
- Support cookies across all transports when using the client on Node.js or Ruby
- Support custom headers in the cross-origin-long-polling and server-side websocket transports
Adapter changes:
- Support the rack.hijack streaming API
- Migrate to MultiJson for JSON handling on Ruby, allowing use of JRuby
- Escape U+2028 and U+2029 in JSON-P output
- Fix a bug stopping requests being routed when the mount point is /
- Fix various bugs that cause errors to be thrown if we try to send a message over a closed socket
- Remove the listen() method from Adapter in favour of using server-specific APIs
Server changes:
- Use cryptographically secure random number generators to create client IDs
- Allow extensions to access request properties by using 3-ary methods
- Objects supporting the bind() method now implement the full EventEmitter API
- Stop the server from forwarding the clientId property of published messages
Miscellaneous:
- Support Browserify by returning the client module
- Faye.logger can now be a logger object rather than a function

0.8.9

Diff

jcoglan

published 0.8.9 • 12 years ago

Changelog

Source

0.8.9 / 2013-02-26

Specify ciphers for SSL on Node to mitigate the BEAST attack
Mitigate increased risk of socket hang-up errors in Node v0.8.20
Fix race condition when processing outgoing extensions in the Node server
Fix problem loading the client script when using {mount: '/'}
Clean up connection objects when a WebSocket is re-used with a new clientId
All JavaScript code now runs in strict mode
Select transport on handshake, instead of on client creation to allow time for disable() calls
Do not speculatively open WebSocket/EventSource connections if they are disabled
Gracefully handle WebSocket messages with no data on the client side
Close and reconnect WebSocket when onerror is fired, not just when onclose is fired
Fix problem with caching of EventSource connections with stale clientIds
Don't parse query strings when checking if a URL is same-origin or not