What's Changed
- ✨ Drop kubetail-bin from publish-guru and trim old ebuilds by @amorey in #1100
- ✨ Support forwarded host in same-origin check by @amorey in #1103
- 🎣 Honor Forwarded proto directive in same-origin scheme check by @amorey in #1104
- 🎣 Disable WebSocket per-message compression in GraphQL servers by @amorey in #1105
- 🐋 Add CSRF protection to dashboard and cluster-api by @amorey in #1106
- 🎣 Relax hex requirement for session key-pairs by @amorey in #1107
- ✨ Release/0.22.0 by @amorey in #1109
- ✨ Trigger publish workflows only on stable releases by @amorey in #1110
- ✨ Add CSRF token support to GraphiQL page by @amorey in #1111
- 🎣 Fix CSRF rejection of legitimate same-origin POSTs by @amorey in #1112
- 🎣 Prevent client-supplied X-Forwarded-Authorization from shadowing service-account-token by @amorey in #1113
- 🎣 Harden CSRF token handling by @amorey in #1114
- 🎣 Stop trusting X-Forwarded-* headers in same-origin check by @amorey in #1117
- ✨ Add allowed-origins config for proxied deployments by @amorey in #1118
Full Changelog: cli/v0.15.0...cli/v0.15.1-rc3