What's New

Version 1.2.1

Released 2025-07-03

Added

  • Fixed the validation of the enforcer config path in the CLI tool.

Version 1.2.0

Released 2025-07-02

Added

  • Configuration for adding the Secure flag to PXHD cookie.
  • GraphQL query keyword GraphQL query keyword extraction via string/regex (px_graphql_keywords) and custom function (px_extract_graphql_keywords)
  • Support for interpreting regex-formatted strings in various configurations.
  • Added support for Response custom parameters 11-20 for async activities.
  • Support for px_async_timeout configuration which applies to async activities, telemetry, remote logger, and remote configuration
  • Added cookie secret rotation support
  • Added a CLI for generating Azure Front Door resources for the HUMAN Security Azure Enforcer.
  • Build files for ESM, CJS, and declarations.

Changed

  • Updated JS Core to v0.30.1
  • Using raw URL instead of parsed URL in block page captcha script query parameter
  • converted fields: login_successful_reporting_method, sent_through of CredentialEndpointConfiguration to optional.
  • Aligned the telemetry activity structure to spec
  • Updated the captcha template

Fixed

  • Bug fixes related to GraphQL operation name extraction and telemetry regex handling.
  • Fixed issue where unvalidated _pxvid value was added to the captcha page

Version 1.1.1

Released 2025-06-10

  • Fixed Set-Cookie response header flattening issue, using built-in Cookie type

Version 1.1.0

Released 2023-12-28

  • Added support for header-based logger feature
  • Added support for Hype Sale Challenge feature
  • Added support for url decode reserved characters feature
  • Added a configuration for secure PXHD
  • Added a configuration for first party timeout
  • Added base64-encoded URL to captcha script query parameters on block pages
  • Changed Bot Defender captcha page to client-side first party timeout
  • Aligned and added new fields to the risk API and async activities
  • Various bug fixes and more accurate TypeScript typings

Version 1.0.1

Released 2023-07-31

  • Normalized URL parsing
  • Fixed a minor bug where block pages would add "/captcha.js" when custom first party captcha endpoint was configured
  • Fixed occasional 502 errors on first party sensor requests due to transfer-encoding: chunked header

Version 1.0.0

Released 2023-06-29

  • Added CORS support
  • Added custom first party endpoints support
  • Added Credential Intelligence, including support for:
    • Credential path matching via exact route or regular expression
    • Extracting credentials from body, header, query-param, or via custom callback
    • Single-step (v2) and multistep (multistep_sso) hashing protocols
    • Reporting on login successful via status code, body regex, header, or via custom callback
    • Sending additional S2S activity automatically, via API function call, or transfer via request headers
    • Sending the raw username on the additional S2S activity if configured
  • Added Account Defender, including support for:
    • Reporting of the cross tab session cookie
    • Extracting user ID and additional fields from cookie- or header-based JWT
  • Changed where the enforcer context is saved from the Enforcer to the Azure execution context
    • Allows for initializing the Enforcer outside the HTTP trigger function
    • Requires API changes in postEnforce function, which must now receive the Azure context as a parameter

Version 0.2.0

Released 2023-05-04

  • Added support for GraphQL including:
    • Customized GraphQL routes
    • Multiple GraphQL operations
    • Sensitive GraphQL operations by name or type
  • Added support for batched activities
  • Changed API for Enforcer enforce() and postEnforce() return values to align with JS Core v0.5.0
  • Changed API for creating default HTTP trigger (providing ConfigurationParams rather than Enforcer instance)
  • Moved rollup.config.js file to example folder

Version 0.1.2

Released 2023-02-24

  • Removed images from npm package

Version 0.1.1

Released 2023-02-23

  • Added repository information to package.json
  • Added example, images directories and host.json to npm package

Version 0.1.0

Released 2023-02-22

  • Initial version with support for a variety of basic and advanced features including:
    • Additional activity handler
    • Advanced blocking response
    • Block activity
    • Block page captcha
    • Block page rate limit
    • Bypass monitor header
    • Client IP extraction
    • Cookie v3
    • Custom cookie header
    • CSS ref
    • Custom logo
    • Custom parameters
    • Filter by extension
    • Filter by IP
    • Filter by HTTP method
    • Filter by route
    • Filter by user agent
    • First party
    • JS ref
    • Logger
    • Mobile support
    • Module enable
    • Module mode
    • Monitored routes
    • Page requested activity
    • PXDE
    • PXHD
    • Risk API
    • Sensitive headers
    • Sensitive routes
    • Telemetry command
    • VID extraction