All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Fix dependency resolution error in SvelteKit 2.0
- Fix
svelte-check
errors
- Catch session verification error in
decryptSession
handler - Unset session if verification fails in
decryptSession
handler
- Add support for SvelteKit 2.0
- Make all environment variables server-side only
- Rename
PUBLIC_ALLOWED_REQUEST_METHODS
env var toALLOWED_REQUEST_METHODS
- Rename
PUBLIC_CSRF_SKIP_ROUTES
env var toCSRF_SKIP_ROUTES
- Rename
PUBLIC_SESSION_KEY
env var toSESSION_KEY
- Fix build error when not using
.env
at build time
- Fix wrong conditional exports order in
package.json
- Move more server-only modules to
src/lib/server/
- Separate server-side
exports
from client-side ones - Rename
$lib/route
module to$lib/helpers
- Fix error: "Cannot import $env/dynamic/private into client-side code"
- Upgrade to Svelte v4. Svelte v3 is still supported
- Move server-only modules to
src/lib/server/
- Load client-side envs dynamically
- Migrate to
@sveltejs/package
v2
- Fix es2015 compatibility issues
- Upgrade SvelteKit to v1.0
- Upgrade SvelteKit to v1.0.0-next.535
- Do not close
ToggleButton
iftarget
's child is clicked during click outside event
- Always close a toggle button's target after navigation
- Match paths by route ID instead of URL when ignoring paths in CSRF
- Rename
PUBLIC_CSRF_IGNORE_PATHS
env var toPUBLIC_CSRF_SKIP_ROUTES
- Add env var to skip CSRF protection for specific paths
- Fix
allowedRequestMethods
returning array with single empty string when env var not set
- Fix sessions set in endpoints not set in response headers
- Remove
cookie
package in favourevent.cookies
- Upgrade SvelteKit to v1.0.0-next.481
- Rename
VITE_ALLOWED_REQUEST_METHODS
env var toPUBLIC_ALLOWED_REQUEST_METHODS
- Rename
VITE_SESSION_KEY
env var toPUBLIC_SESSION_KEY
- Change CSRF
Header.set(App.Session)
toHeader.set(Token | string)
- Change CSRF
Param.set(App.Session)
toParam.set(Token | string)
- Upgrade SvelteKit
- Set
Pragma: no-cache
header in.disableCache()
handler
- Remove
.redirect()
helper
- Add missing setup steps to docs
- Fix
VITE_ALLOWED_REQUEST_METHODS
env undefined in production builds
- Initial public release