Version 4.4.0
- Added
is_sensitive_routefield to risk api and async activities - Added
x-ew-socket-ipheader to Risk API requests - Telemetry activity
update_reasonfield updated to reflect the reason for telemetry activity:command- incoming telemetry request receivedrisk- telemetry triggered via risk response field
- Added
request_idto telemetry activity details
Version 4.3.0
- Support for adding a data enrichment header (new
px_data_enrichment_header_nameconfiguration) - Added Documentation enforcement workflow - verify that the documentation is up to date with the latest changes in the codebase
Version 4.2.0
- Added the domain to the enforcer block page src to ensure the block page is served correctly from NetStorage
Version 4.1.1
- Added argparse as dependency rather than dev dependency to allow the provided CLI tool to work properly
Version 4.1.0
- Added URL decode reserved characters feature support (
PX_DEC_URL_RESERVED_CHARSconfiguration) - Added Secure PXHD cookie support (
PX_SECURED_PXHD_ENABLEDconfiguration) - Added the WhatWG URL dependency to improve URL parsing
- Changed Property Manager variables to remove unnecessary
PMUSER_PX_EW_IPvariable - Changed handler creation functions to always retrieve configuration from incoming request variables rather than saving the enforcer in closure
- Changed
onClientRequestto remove context and remote config headers from incoming request before processing - Fixed IP parsing issue by using
AK_CLIENT_REAL_IPinstead ofAK_CLIENT_IP - Fixed issue that enabled users to add erroneous Risk API GET headers
Version 4.0.0
- Refactor to use JS Core module, maintaining support for:
- additional_activity_handler
- advanced_blocking_response
- block_activity
- block_page_captcha
- block_page_rate_limit
- bypass_monitor_header
- client_ip_extraction
- cookie_v2
- credentials_intelligence
- css_ref
- custom_cookie_header
- custom_logo
- cors_support
- custom_parameters
- enforced_routes
- filter_by_extension
- filter_by_http_method
- filter_by_ip
- filter_by_route
- filter_by_user_agent
- filter_by_custom_function
- first_party
- graphql_support
- js_ref
- logger
- mobile_support
- module_enable
- module_mode
- monitored_routes
- page_requested_activity
- pxde
- pxhd
- risk_api
- sensitive_headers
- sensitive_routes
- vid_extraction
- telemetry_command
- user_identifiers
- Released as a library for modular use
- Added support for remote configuration using EdgeKV
- Added support for header-based logger
- Added support for regex flags in configuration
Version 3.5.4
- Risk_api call fails in case of a non-ASCII character on a request header
Version 3.5.3
- Response provider enforcer (for Credential Intelligence, GraphQL) includes HTTP response status code on page_requested and block activities
Version 3.5.2
- User request’s Authorization header no longer overriding the header that is being sent on risk api
- Upgrading tests version
Version 3.5.1
- Fixed an issue with parsing cookie values
