1.9.0
Warning
Setting CORS environment variable to all is not supported anymore. By default the only the CLIENT_ENDPOINT is authorized as an origin. If you want to allow all origins (which is enough in most cases), please follow the CORS readme section.
Bug fixes
- Many security fixes, again thanks @RagingCactus
- Respect COOKIE_VALIDITY_MS setting in production by @RagingCactus in #365
Miscellaneous
- Sider design rework by @quentinguidee in #360
- Allow GETing
/versionwithout being logged by @bloedboemmel in #367
New Contributors
- @RagingCactus made their first contribution in #365
- @bloedboemmel made their first contribution in #367
Full Changelog: 1.8.1...1.9.0
Contributors
RagingCactus, quentinguidee, and bloedboemmel