- Fix CVE-2020-11020
- No longer retry and fetch a new signature after errors unrelated to
Faye::Authentication
(#15) - Internal:
- Fix rspec and jasmine specs (#14)
- Replace
phantomjs
withchromeheadless
for jasmine specs (#14) - Updated Travis settings with last ruby versions (#14)
- Optional authentication for
Faye::Authentication::HTTPClient
(#12)
- Remove signature from the server response (#11)
- Fix bad parameter passed to Net::HTTP::Post in HTTP Client (thanks @evserykh)
- Wait a delay before trying to fetch a signature after an error
- Improve preformance by batching authentication requests (backward incompatible!)
- Add support for faye 1.1 (unreleased for now)
- Drop support for faye < 1.1
- More extensibility regarding public channels, extensions now take an options hash with a whitelist lambda / function that will be called with the channel name so developers can implement their own logic
- Channels beginning by
/public/
do not require authentication anymore, However, globbing with public channels still require authentication.
- Rename
Faye::Authentication::Extension
toFaye::Authentication::ServerExtension
- Add extension for faye Ruby Client :
Faye::Authentication::ClientExtension
- Use JWT instead of HMAC for signing the messages
- Allow expiration of the signature
- The client javascript extension now takes the faye client as its first parameter