Skip to content

v0.4.0
Compare
Choose a tag to compare
@GabeIsman GabeIsman released this 14 Sep 00:00
v0.4.0
a5514e3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is a small but important update that has the potential to break some setups. If you've been setting the KLAXON_FORCE_SSL environment variable to false in production, you will have trouble using certain browsers (notably chrome) to log in to Klaxon. If you have no idea what I'm talking about, you're probably fine.

In order to fix #377 I've updated all of Klaxon's cookies to use the SameSite=None attribute. In order to accept those cookies, Chrome requires the Secure attribute to also be present, which can only be set on cookies delivered over HTTPS. If you've been using Klaxon without HTTPS (it's on by default in the Heroku setup), I urge you to upgrade to HTTPS for your instance. If that's impractical, please get in touch with me and we can work something out.

Thanks to @immewnity for contributing discord support in this release!

Assets 2
Loading