Sha256: d416f6d37991651d257120402d8bb8f7e0c76fc30263f50188edd196ecb41a12
Contents?: true
Size: 1.32 KB
Versions: 36
Compression:
Stored size: 1.32 KB
Contents
= New Features * A check_csrf configuration method has been added for checking the CSRF token. This is useful in cases where the CSRF protection is provided by something other than the Roda route_csrf plugin. = Other Improvements * When using the http_basic_auth feature, logged_in? now checks for Basic authentication if the session is not already authenticated and Basic authentication has not yet been checked. This increases compatibility for applications that were using the http_basic_auth feature in Rodauth 1. * When creating accounts, the password field now correctly uses the new-password autocomplete attribute instead of the current-password autocomplete attribute. * When using the jwt feature, Rodauth no longer checks CSRF tokens in requests to Rodauth routes if the request submitted is a JSON request, includes a JWT, or Rodauth has been configured in JSON-only mode. * When using the verify_account_grace_period feature, if there is an unverified account without a password, do not consider the account open. Attempting to login into the account in such a case now shows a message letting the user know to verify the account. * The json_response_body configuration method is now used consistently in the jwt feature for all JSON responses. Previously, there were some cases that did not use it.
Version data entries
36 entries across 36 versions & 1 rubygems