v0.3.0

Changed

• The user object passed to the API / SSE endpoints now accepts the following field types (instead of just string): string, number, string[].

Breaking changes

• The CDN proxy endpoint now serves the new config JSON v6 format. Therefore, only those SDK versions can be pointed to the proxy that already supports this format. The actual support table is available in the docs. Not supported SDKs must be used with an earlier proxy version (<v0.3.0).
• The user map passed over gRPC in the EvalRequest message now accepts a new UserValue type, which allows the setting of a double, string, google.protobuf.Timestamp, and a StringList as user attribute. See the updated docs of the service definition.

v0.2.4

Fixed

• GZip compression related issue.

v0.2.3

Fixed

• Headers listed in auth_headers option are now put into the Access-Control-Allow-Headers CORS header.
• Headers listed in headers option are now put into the Access-Control-Expose-Headers CORS header.

v0.2.2

Changed

• Updated dependencies due to vulnerability report.
• Corrected reported version in X-ConfigCat-UserAgent header.

v0.2.1

Added

• Option to define regex patterns for CORS allowed origins.

  http:
    api:
      cors: 
        enabled: true
        allowed_origins_regex:
          patterns:
            - .*\.example1\.com
            - .*\.example2\.com
          if_no_match: https://example1.com

  The if_no_match field is mandatory when the regex option is set because that value is used in the Access-Control-Allow-Origin header when an incoming request's origin doesn't match with any configured patterns.

  If both allowed_origins_regex and allowed_origins options are set, the list in allowed_origins will be checked first and if there isn't a match, the execution will jump to evaluate the regex patterns.

v0.2.0

Added

• The ability to set allowed origins for CORS.
  When the allowed origins is set, the Proxy will include only that origin in the Access-Control-Allow-Origin response header, which matches the request's Origin. When there's no matching request origin, the Proxy will set the Access-Control-Allow-Origin response header to the first item in the allowed origins list.

Breaking Changes

• The CORS configuration option for API, CDN Proxy, and SSE has been changed:
  • Old:

    http:
      api:
        allow_cors: true
  • New:

    http:
      api:
        cors:
          enabled: true
          allowed_origins: 
            - https://example1.com
            - https://example2.com

v0.1.6

Added

• Ability to load options.yml from a default location.
  The default location varies by platform:
  • Windows: %PROGRAMDATA%\configcat\proxy\options.yml, usually C:\ProgramData\configcat\proxy\options.yml
  • macOS: /Library/Application Support/configcat/proxy/options.yml
  • Linux: /etc/configcat/proxy/options.yml

v0.1.5

Changelog

• a6b67ff Merge pull request #7 from configcat/global-offline
• e3cd10b Increase reported version
• 93ba26f Add ability to put the whole Proxy instance into offline mode

v0.1.4

Changelog

• 1037a4c Fix accidentally renamed CORS expose header
• 2aa927a Merge pull request #6 from configcat/dependabot/github_actions/actions/checkout-4
• 3265d50 Bump actions/checkout from 3 to 4

v0.1.3

Changelog

• 4c0e846 Bump reported version
• d9c3316 Merge pull request #5 from configcat/default-user-attributes
• a29a762 Add more config tests
• d1fc9ce Update packages due to security report
• af6c2ad Add default user attributes
• a56ff81 Type in router logs
• f148e1c Typo in README.md