npm @redwoodjs/core 0.49.0
v0.49.0

latest releases: 9.0.0-canary.200, 9.0.0-canary.199, 9.0.0-canary.198...
2 years ago

🎬 Call for Redwood product and startup demos
Redwood 1.0.0 will arrive within the month. We’re planning the first RedwoodJS Startup Showcase, full of demos and panels, highlighting the amazing people and projects using Redwood. Want to demo? Let's talk! Just take a look at this forum post and complete the submission form.

πŸ”¬Help QA the new Redwood Tutorials
Both Tutorials I and II have been re-written for v1. We need your help making sure that every "i" is dotted and "t" is crossed. If you're interested in helping, check out the details here.

Changelog

Unique contributors: 4

PRs merged: 7

Features

  • Implement dbAuth CORS support + Add cookie options to auth handler #4150 by @dac09
    • DEPRECATION Warning: see "dbAuth Cookie Configuration" section below
  • Codemod for webhook verifier option renaming #4675 by @Tobbe

Fixed

Chore

Package Dependencies

View all Dependency Version Upgrades

Recommended Code Modification

dbAuth Cookie Configuration

If you are using dbAuth, we've moved the configuration for the dbAuth cookie alongside the rest of the configuration in api/src/functions/auth.js. The original configuration, which was internal to Redwood itself, is now deprecated. If you do not add this cookie config to auth.js your app will continue to work for now, but will show a deprecation notice in your api logs. The old behavior will be removed in a future version of Redwood.

To preserve the existing cookie settings, add the cookie property to the options sent into new DbAuthHandler():

const authHandler = new DbAuthHandler(event, context, {
  db: db,
  authModelAccessor: 'user',
  authFields: {
    id: 'id',
    username: 'email',
    hashedPassword: 'hashedPassword',
    salt: 'salt',
    resetToken: 'resetToken',
    resetTokenExpiresAt: 'resetTokenExpiresAt',
  },
  forgotPassword: forgotPasswordOptions,
  login: loginOptions,
  resetPassword: resetPasswordOptions,
  signup: signupOptions,

+ cookie: {
+  HttpOnly: true,
+  Path: '/',
+  SameSite: 'Strict',
+  Secure: true,
+  // Domain: 'example.com',
+  },

})

The cookie Domain is now set here instead of in an ENV var. When do you need to set Domain? If your web side and api side are served from different domains (such as www.example.com and api.example.com). To read more about Domain config: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies

Don't miss a new core release

NewReleases is sending notifications on new releases.