Skip to content

v0.38.0

Choose a tag to compare

View all tags
@yaakovLowenstein yaakovLowenstein released this 27 Oct 17:36
· 17 commits to master since this release
v0.38.0
54e5a90

Feature

  • Add security controls for requiring authentication (d43ce23)
  • Change security contorls to be on view and not hxrequest class (b35fb01)

Breaking

  • The new setting HX_REQUESTS_REQUIRE_AUTH defaults to True, meaning that all HxRequests now require an authenticated user by default. Existing projects must explicitly set HX_REQUESTS_REQUIRE_AUTH = False in their settings to restore the previous behavior of allowing unauthenticated HxRequests or add HX_REQUESTS_UNAUTHENTICATED_ALLOW to specify which HxRequests are allowed without authentication. (d43ce23)
  • The security controls for HxRequests have been reworked. Instead of defining allowed apps and urls on the HxRequest class, views can now define an allow list of HxRequest names that are permitted to be used in that view. (b35fb01)

Documentation

  • Docs for securing HxRequests via authentication (d632c41)
  • Update docs to reflect per-view HxRequest controls (0d147e1)
Assets 4
Loading