4.2.0

What's Changed

• Allow setting no XSS header by @grahamburgsma in #30

New Contributors

• @grahamburgsma made their first contribution in #30

Full Changelog: 4.1.0...4.2.0

4.1.0

What's Changed

• Add Allowed Hosts to HTTPSRedirectMiddleware by @0xTim in #29

Full Changelog: 4.0.0...4.1.0

4.0.0

This is a major release to tidy up the API and disable X-XSS-Protection

What's Changed

• Disable X-XSS-Protection filter, for safety by @EvanHahn in #26
• Add support for fallback referrer policies by @EvanHahn in #27

New Contributors

• @EvanHahn made their first contribution in #26

Full Changelog: 3.2.0...4.0.0

3.2.0

Vapor Security Headers 3.2.0

Adds the ability to construct different header options using [String] instead of just using variadic parameters. This makes it easier to extract out common code (#24)

3.1.0

Adds a new HTTPSRedirectMiddleware to redirect all requests on production to HTTPS to enable HSTS checks to be satisfied (#23)

3.0.0

Updated for Vapor 4 🎉

See the README for updated usage instructions.

2.1.1

Vapor Security Headers 2.1.1

Issues fixed in this release:

• #15 - fix compiler warning when building with Swift 5

2.1.0

Vapor Security Headers 2.1.0

This release contains major improvements to using CSP with the security headers. The API for adding it now includes a much nicer Swifty solution. Check out the README for more details!

PRs in this release:

• #14 - Add CSP builder

2.0.0

Vapor Security Headers 2.0.0

• #10 Add support for Vapor 3!

See the README for usage details.

2.0.0 RC 1

Vapor Security Headers 2.0.0 RC 1

Adds support for Vapor 3! Things still work mostly the same, you just need to change how you register the middleware for Vapor 3.

Note: Per page CSP configuration requires an additional service to be registered.

For information on how to use, see the README