All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Removed dependency on Active Support
- Replaced eval() calls with JSON.parse() for improved security
- Small spec alignment changes (risk_api and block activities)
- URLs with query params did not render properly on new block page
- Custom logo in block JSON response
- Updated block page to use new template
- bypass_monitor_header type validation
- First Party
- Added option to set a different px configuration on each request
- Added types validation on configuration fields
- New cookie logic for mobile requests
- Renamed api_connect_timeout to api_timeout_conncection on default configuration
- Removed unsupported configuration fields: max_buffer_len and local_proxy
- Send cookie_origin only if there is a cookie
- Added fields to Block Activity: simulated_block, http_version, http_method, risk_rtt, px_orig_cookie
- Added fields to page_requested activity: pass_reason, risk_rtt, px_orig_cookie
- Added px_orig_cookie field to risk_api in case of cookie_decryption_failed
- Added support for captcha v2
- Added support for Advanced Blocking Response
- Added support for whitelist routes
- Added support for bypass monitor header
- Added support for extracting vid from _pxvid cookie
- Added support for rate limit
- Added risk_cookie_max_iterations configuration
- Updated dependencies
- Updated sample site dockerfile
- Fixed monitor mode
- Fixed send_page_activities and send_block_activities configurations
- Updated risk to v3
- Refactored ip header extraction
- Renamed block_uuid field to client_uuid
- Renamed perimeterx_server_host configuration to backend_url
- Updated risk_response handling: pass the request if risk_response.status is -1
- Forcing http header values to be utf8
- Incorrect assignment for s2s_call_reason
- Fixed empty token result correct s2s reason
- Added support to captcha api v2
- Mobile sdk support for special tokens 1/2/3
- Sending client_uuid on page_requested activities
- Supporting mobile sdk
- Using request.env instead of env
- Default timeouts for post api requests
- Fixed Dockerfile
- Removed httpclient and instead using typhoeus
- Using concurrent-ruby for async post requests
- Added support for sensitive routes
- Added request format into context for custom callbacks
- Constants on px_constants
- Cookie Validation flow when cookie score was over the configured threshold
- Using symbols instead of strings for requests body