Hashavatar API 1.0.2
hashavatar-api 1.0.2
Security hardening and renderer update release.
- Updated the API and demo to
hashavatar 1.0.2. - Added stricter no-cache behavior for API error responses.
- Added
X-RateLimit-*headers on rate-limit responses. - Hardened trusted-proxy client IP handling against reserved/private forwarded IPs.
- Validated S3 object prefixes and enabled explicit SSE-S3 on stored avatars.
- Improved cache-key construction to avoid delimiter ambiguity.
- Expanded browser security headers and added cross-domain policy hardening.
- Added safer hashed-identity guidance in the documentation.