view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN

Revision history for Apache::AuthCookie

3.32  2024-08-17
   - Fix small typo in documentation (github #18, thanks Damyan Ivanov)
   - Capitalize Apache in POD (thanks Ed Sabol)
   - Fix warning due to quoted version in import under Perl 5.40

3.31  2022-01-05
   - Fix uninitialized variable warning if "Satisfy" was not set (github #15, thanks yewtc)

3.30  2020-04-14
   - Fix logic error for EnforceLocalDestination
   - Add a bunch of tests to cover all scenarios of EnforceLocalDestination and
     DefaultDestination

3.29  2020-03-22
   - Add optional support for enforcing a local destination, like so:

        PerlSetVar MyAuthEnforceLocalDestination 1

   - Add optional support for specifying a default destination when the login
     form's destination argument is unspecified or invalid (including
     non-local if local destinations are enforced), like this:

        PerlSetVar MyAuthDefaultDestination /protected/user/

3.28  2019-11-19
   - Add support for SameSite cookie property (can be strict/lax).
   - Minor POD updates.

3.27  2017-07-28
   - Fix POD spelling error [#118545].

3.26  2016-09-30
   - remove unused module Apache::AuthCookie::Autobox from dist
   - remove CGI.pm dependency.  CGI.pm has been removed from perl core, which
     was the primary reason we used it in the first place.  Replaced with
     dependency on lighter weight set of three modules:

        * HTTP::Body
        * WWW::Form::UrlEncoded
        * Hash::MultiValue

     Also recommended (but not required) is WWW::Form::UrlEncoded::XS
   - Add optional support for charset encoding.  If you have something like

        PerlSetVar MyAuthNameEncoding UTF-8

     Then AuthCookie with now automatically decode parameters using the given
     encoding now. AuthCookie params() data will be decoded automatically if
     this is on.  See details in AuthCookie module documentation.  In addition
     r->user will be encoded (using byte semantics) using this encoding. 

     ***** IMPORTANT *****
     If you turn this on, this could break your code.  r->user() will now be
     byte encoded using the given encoding.  If you use usernames that contain
     non-ascii characters you either need to use decoded_user(), or decode
     r->user() yourself in your subclasses.

     See the AuthCookie docs for more details.
   - add optional support for decoding httpd.conf requires directives. This is
     enabled with a RequiresEncoding setting:

        PerlSetVar MyAuthNameRequiresEncoding UTF-8

     Then decoded_requires($r) will return the decoded value of $r->requires
     You only need this if you have non-ascii characters in your requires
     directives such as:

        Requires user programmør

   - add decoded_user($r) method to get the value of r->user decoded using
     character semantics instead of bytes.  Due to the fact that r->user is a C
     API method we cannot get character semantics on r->user directly.  If no
     Encoding directive is in effect, then this is the same as r->user.
   - add encoding($r): string which returns the value of the Encoding directive
     that is in effect for the current request.

3.25  2016-08-30
   - 2.4: fix POD typo and add missing ABSTRACT
   - reorganize real.t tests into subtests
   - make sure signature test ignores generated files
   - remove autobox dependency
   - fix authenticate so that r->user is copied from r->main on subrequests.
     Previously this was only done for internal redirects (r->prev is defined).
     This fixes DirectoryIndexes on AuthCookie enabled directories under apache
     2.4.

3.24  2016-01-13
   - Update Apache 2.4 README, flesh out guts of Authz Provider notes.
   - Improve Apache 2.4 README's AuthzProvider documentation
   - Add POD to Apache2_4::AuthCookie
   - Add FAQ to Apache2_4::AuthCookie documenation
   - 2.4: document that PerlAddAuthzProvider is only needed for *custom* Requires directives.
   - 2.4: make authz_handler recognize multiple usernames in the directive like
     mod_authz_user does.
   - add test case for internal authz_handler
   - explicitly require Apache::Test 1.39 so that APACHE2_4 defines are set

3.23  2015-09-10
   - Improve CGI mode param() handling to avoi CGI.pm's "param() called in list context" warning.
   - add support for Apache 2.4 via mod_perl 1.09.
     ***** IMPORTANT *****
     Apache 2.4 has a *VERY* different API for authentication.  You will need
     to port your subclass and configuration over to the Apache 2.4 API in
     order to use Apache 2.4!  Please be sure to read README.apache-2.4.pod for
     porting instructions!

3.22  2014-05-07

3.21  2014-05-07
   - Bad release - deleted

3.20  2013-12-09
   - login_form: return OK for mobile IE 10, which also ignores content for
     FORBIDDEN response.
   - test .pl registry scripts: do not try to load mod_perl.pm
   - escape html tags in destination.
   - fix abstract in FAQ pod.

3.19  2012-12-28
   - split out CGI data handling into ::AuthCookie::Params modules
   - use Apache::Request/Apache2::Request from libapreq if available. Otherwise,
     fall back to CGI.pm for handling CGI data.
   - improve "removed cookie" debug log message
   - add dependencies: autobox, Class::Load
   - allow username to be '0'
   - login_form: return OK for SymbianOS, which ignores content for FORBIDDEN responses.
   - add login_form_status() to override HTTP status returned by login form
   - recognize_user: return DECLINED if user is not recognized

3.18  2011-01-24