
Release 2.0.0-0

Pre-release


@jelhan jelhan released this 13 Apr 09:24
· 99 commits to master since this release

This release accumulates the work of 1 1/2 years. The main changes are:

  • It allows projects to test for CSP compliance.
  • It integrates with Ember FastBoot to set CSP header in FastBoot App Server.
  • It moves its own configuration to config/content-security-policy.js and avoids injecting unnecessary configuration into the runtime.
  • It introduces tests for its own implementation to avoid regressions and increase stability.

The existing configuration syntax in config/environment.js is still supported but deprecated. It is recommended that you migrate your configuration to config/content-security-policy.js as soon as possible. The deprecation guide contains migration instructions.

💥 Breaking Change

  • #135 Do not set X-Content-Security-Policy header (@jelhan)
  • #107 Ensure csp-headers command emits to standard out (to allow for piping into other programs) (@Exelord)
  • #130 Drop Node 8, 9, and 11 support. (@rwjblue)
  • #87 Drop Ember CLI < 2.13 and Node 4 support (@loganrosen)

🚀 Enhancement

  • #91 Add ability to fail application / addon tests when a CSP violation is detected. (@jelhan)
  • #113 Set CSP header in FastBoot (@jelhan)
  • #104 Move config to config/content-security-policy.js (@jelhan)
    Previous Iterations:
    • #94 Refactor configuration to use ember-cli-content-security-policy (instead of contentSecurityPolicy) (@jelhan)
    • #97 Allow configuration to be specified in ember-cli-build.js (@jelhan)
  • #101 Avoid merging policies in build time configuration (@jelhan)
  • #84 Add option to output raw CSP (Closes #81) (@YoranBrondsema)
  • #121 Inject runtime config only if needed (if FastBoot dependency exists) (@jelhan)

🐛 Bug Fix

  • #122 Consistent test results regardless of environment (@jelhan)
  • #134 Prevent unnecessary meta + reportOnly warning (@reidab)
  • #136 Do not override existing CSP headers in fastboot (@jelhan)
  • #129 Set status-code to 204 (no content) (@sandstrom)
  • #128 Don't add nonce to script-src when it already contains 'unsafe-inline' (@joukevandermaas)
  • #109 Fix support for --live-reload-host option (@jelhan)
  • #107 Ensure csp-headers command emits to standard out (to allow for piping into other programs) (@Exelord)
  • #96 Fix inconsistency between meta element and HTTP header regarding live reload support (@jelhan)
  • #95 Remove trailing whitespace from generated CSP string (@jelhan)
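The two fixes #128 and #95 above both concern how the policy string is assembled. The following is an added illustration, not the addon's own code: it builds a CSP header value from a hypothetical policy object (directive name to list of source expressions, an assumed shape), adds a nonce to script-src only when 'unsafe-inline' is absent (browsers that understand nonces ignore 'unsafe-inline' once a nonce or hash is present, so adding one would silently break the inline scripts the policy meant to allow), and emits no trailing whitespace.

```javascript
// Added example, not code from ember-cli-content-security-policy.
// policy: { [directive]: [sourceExpression, ...] }  (assumed shape)
// nonce:  per-response nonce string, or null when no nonce is in use
function buildCsp(policy, nonce) {
  const directives = Object.entries(policy).map(([name, sources]) => {
    // Normalise user-supplied values so stray whitespace never reaches the header.
    const values = sources.map((s) => s.trim()).filter(Boolean);

    // #128: a nonce next to 'unsafe-inline' makes browsers drop 'unsafe-inline',
    // so only add the nonce when the directive does not rely on it.
    if (name === 'script-src' && nonce && !values.includes("'unsafe-inline'")) {
      values.push(`'nonce-${nonce}'`);
    }

    // Directives such as upgrade-insecure-requests carry no source list.
    return values.length ? `${name} ${values.join(' ')}` : name;
  });

  // #95: join without a trailing separator and trim defensively.
  return directives.join('; ').trim();
}

// Constructed sample policies for demonstration.
const strictPolicy = {
  'default-src': ["'none'"],
  'script-src': ["'self'"],
  'style-src': ["'self'"],
};

const legacyPolicy = {
  'default-src': ["'none'"],
  'script-src': ["'self'", "'unsafe-inline'"],
};

function demo() {
  return {
    strict: buildCsp(strictPolicy, 'abc123'), // nonce added
    legacy: buildCsp(legacyPolicy, 'abc123'), // nonce withheld
  };
}

console.log(demo());
```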

📝 Documentation

🏠 Internal

Committers: 8