Changelog

Version 1.1.0

Added support for Hype Sale Challenge product
Added support for URL decode reserved characters feature
Added configuration for first party timeout
Added configuration for adding the Secure flag to PXHD cookie
Added configurations for custom functions to determine filtered, enforced, monitored, and sensitive requests
Added base64-encoded URL to captcha script query parameters on block pages
Added risk_start_time and enforcer_start_time fields to enforcer activities
Changed Bot Defender captcha page to include client-side first party timeout
Fixed a bug where an empty, validated cookie v3 resulted in a pass
Fixed inaccurate types for px_filter_by_route, px_monitored_routes, px_enforced_routes, px_sensitive_routes, px_graphql_routes configs and changed them to be Array<string | RegExp>
Fixed first party XHR validation issue

Added CORS support
Added Custom First Party Endpoints support
Added Credential Intelligence, including support for:
- Credential path matching via exact route or regular expression
- Extracting credentials from body, header, query-param, or via custom callback
- Single-step (v2) and multistep (multistep_sso) hashing protocols
- Reporting on login successful via status code, body regex, header, or via custom callback
- Sending additional S2S activity automatically, via API function call, or transfer via request headers
- Sending the raw username on the additional S2S activity if configured
Added Account Defender, including support for:
- Reporting of the cross tab session cookie
- Extracting user ID and additional fields from cookie- or header-based JWT
Changed postEnforce function signature to have only Response parameter