Skip to content

Commit 6637b72

Browse files
RubenVerborghRubenVerborgh
authored
Update CHANGELOG for version 4.0.0 (#534)
1 parent aaf2a2e commit 6637b72

File tree

1 file changed

+36
-0
lines changed

1 file changed

+36
-0
lines changed

CHANGELOG.md

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,41 @@
11
# History
22

3+
## 4.0.0
4+
- OIDC is now supported as authentication method in addition to WebID-TLS.
5+
- Both Node.js 6 and 8 are now supported.
6+
- The server now accepts N3 patches.
7+
- Responses now contain a WAC-Allow header, listing the access permissions
8+
for the current user and non-authenticated users.
9+
- The `authProxy` configuration parameter has been added,
10+
enabling back-end servers to serve authenticated content.
11+
It accepts an object of path/server pairs
12+
(such as `/my/path": "http://localhost:2345/app"`).
13+
The Solid server acts as a reverse proxy for these paths, forwarding requests
14+
to the back-end server along with the authenticated user (`User` header)
15+
and the host through which Solid is being accessed (`Forwarded` header).
16+
- The `acceptCertificateHeader` configuration parameter has been added.
17+
This allows WebID-TLS authentication behind a reverse proxy such as NGINX:
18+
the reverse proxy should be configured to pass the client certificate
19+
in a certain header, which is then read by a (non-public) Solid server.
20+
- Self-signed certificates are no longer trusted in production.
21+
To allow self-signed certificates (for testing purposes), use `bin/solid-test`,
22+
which sets `NODE_TLS_REJECT_UNAUTHORIZED=0` and `--no-reject-unauthorized`.
23+
- On POST requests, an extension will be appended to the file.
24+
- Server logging is now more concise.
25+
- Express server injection is now supported
26+
- The root route (e.g. `/`) now displays a public home page.
27+
- Several other bugfixes
28+
29+
#### 4.0.0 Upgrade Notes
30+
- The `proxy` configuration parameter has been deprecated and
31+
renamed to `corsProxy` to better distinguish it from `authProxy`.
32+
- The `idp` configuration parameter has been deprecated and
33+
renamed to `multiuser` to better identify its purpose.
34+
- Cross-domain cookie-based authentication has been removed for security reasons.
35+
We instead recommend https://github.com/solid/solid-auth-client.
36+
- Clients should not include an extension in the slug of POST requests
37+
(they never should have), as the server now adds an extension.
38+
339
## 3.5.0
440

541
- Major refactoring of Account Creation classes (new account resources are now

0 commit comments

Comments
 (0)