- Fix - pxhd cookie is now set with SameSite=Lax
- Fix - Update block page to support error handling for mobile.
- Added Credentials Intelligence v2 hashing protocol as the default. The new protocol normalizes and hashes credentials according to a new algorithm that improves accuracy.
- New block page implementation
- Support for dynamic cookie signing with IP (requires PXHD)
- Send PX cookie over risk_api on sensitive routes
- Added support for credentials intelligence protocols v1 and multistep_sso
- Added support Support for login successful reporting methods header, status, body, and custom
- Added support for automatic sending of additional_s2s activity
- Added support for manual sending of additional_s2s activity via header or API call
- Added support for sending raw username on additional_s2s activity
- Added support for login credentials extraction via custom callback
- Added support request_id field to all enforcer activities
- Credentials extraction is now handles body encoding based on Content-Type request header
- Added successful login credentials extraction automatically triggers risk_api call without needing to enable sensitive routes
- Fixed the issue of Enforced routes didn't worked in monitor mode.
- Fixed the issue of bypass monitor header to work with configured monitored routes.
- Added Code Defender first party XHR and first party sensor support. Proxying XHR and and sensor script using first party is used to avoid getting blocked by browser extensions such as Adblock.
- Added Nonce support in CSP header, this adds a validation layer to the CSP policy on your application. For more details please visit the official CSP documentation CSP nonce
- Added compromised credentials header support. This feature provides information about breached accounts and allows you to protect your users.
- Configuration fields update (PerimeterX Node Core v3.0.0)
- Fixed the issue of cookie decryption fails on mobile SDK error.
- Added new middleware for Code Defender (cdMiddleware. This enables support CSP enforcement by the Enforcer.
- Added support for regular expressions in filter by user agent.
- Added support for Custom cookie header. Custom Cookie Header feature allows you to set a header name which is used to extract PerimeterX cookies, instead of from the request cookies property.
- Support for custom log.
- Bug fix to support the
- Added New config to support Secure flag for PXHD cookie
- Fix the bug to support custom parameters for async activities.
- Fix the bug to support the originalRequest in enrichCustomParameters.
- Added Support for filtering traffic by http method. This feature allows to filter out request from the Enforcer verification flow by its HTTP Method, avoiding unnecessary traffic in the Enforcer verification flow and reducing operation costs
Updated 7 months ago