Summary
This release contains styling fixes, support for x-www-form-urlencoded bodies without explicitly-defined request properties, and non-material security fixes from upstream modules.
In order to take advantage of the new X-Requested-With header in OAuth2 token requests, cross-origin APIs (which require CORS configuration) needs to send Access-Control-Allow-Headers: X-Requested-With as part of the OPTIONS response for your token endpoint. A CORS library will handle this for you - visit https://enable-cors.org for more guidance.
Changelog
- improvement: better operation path + summary overflow styling (via #5184)
- improvement: set
X-Requested-Withto prevent browser authentication dialog (via #4934) - fix: provide JSON editor for x-www-form-urlencoded bodies lacking properties (via #5180)
- housekeeping: bump minimum lodash version (via #5156)