0.24.26
The long excuse is that CORS can now be ignored.
This update introduces an option to circumvent Cross-Origin Resource Sharing (CORS) constraints for CouchDB requests, by leveraging Obsidian's native request API. The implementation of such a feature had previously been deferred due to significant security considerations.
CORS is a vital security mechanism, enabling servers like CouchDB -- which functions as a sophisticated REST API -- to control access from different origins, thereby ensuring secure communication across trust boundaries. I had long hesitated to offer a CORS circumvention method, as it deviates from security best practices; My preference was for users to configure CORS correctly on the server-side.
However, this policy has shifted due to specific reports of intractable CORS-related configuration issues, particularly within enterprise proxy
environments where proxy servers can unpredictably alter or block communications. Given that a primary objective of the "Self-hosted LiveSync" plugin is to facilitate secure Obsidian usage within stringent corporate settings, addressing these 'unavoidable' user-reported problems became essential. Mostly raison d'être of this plugin.
Consequently, the option "Use Request API to avoid inevitable CORS problem" has been implemented. Users are strongly advised to enable this only when operating within a trusted environment. We can enable this option in the Patch pane.
However, just to whisper, this is tremendously fast.
Replies to Issues will be a little delayed, but I will make sure to do so!
New Features
- Automatic display-language changing according to the Obsidian language setting. (#630)
- We will be asked on the migration or first startup.
- Note: Please revert to the default language if you report any issues.
- Not all messages are translated yet. We welcome your contribution!
- Now we can limit files to be synchronised even in the hidden files. (#631)
- "Use Request API to avoid
inevitableCORS problem" has been implemented. (#632) (#508) etc...- Less secure, please use it only if you are sure that you are in the trusted environment and be able to ignore the CORS. No
Web vieweror similar tools are recommended. (To avoid the origin forged attack). If you are able to configure the server setting, always that is recommended.
- Less secure, please use it only if you are sure that you are in the trusted environment and be able to ignore the CORS. No
Show status icon instead of file warnings bannerhas been implemented. (#634)- If enabled, the ⛔ icon will be shown inside the status instead of the file warnings banner. No details will be shown.
Improved
- All regular expressions can be inverted by prefixing
!!now.
Fixed
- No longer unexpected files will be gathered during hidden file sync.
- No longer broken
\nand new-line characters during the bucket synchronisation. (#639) - We can purge the remote bucket again if we using MinIO instead of AWS S3 or Cloudflare R2.
- Purging the remote bucket is now more reliable.
- 100 files are purged at a time.
- Some wrong messages have been fixed.
Behaviour changed
- Entering into the deeper directories to gather the hidden files is now limited by
/or\/prefixed ignore filters. (It means that directories are scanned deeper than before).- However, inside the these directories, the files are still limited by the ignore filters.
Etcetera
- Some code has been tidied up.
- Trying less warning-suppressing and be more safer-coding.
- Dependent libraries have been updated to the latest version.
- Some build processes have been separated to
preandpostprocesses.