Skip to content
Compare
Choose a tag to compare
@astrobot-houston astrobot-houston released this 11 Apr 11:27
· 1272 commits to main since this release
66bc104

Minor Changes

  • #10591 39988ef8e2c4c4888543c973e06d9b9939e4ac95 Thanks @mingjunlu! - Adds a new dev toolbar settings option to change the horizontal placement of the dev toolbar on your screen: bottom left, bottom center, or bottom right.

  • #10689 683d51a5eecafbbfbfed3910a3f1fbf0b3531b99 Thanks @ematipico! - Deprecate support for versions of Node.js older than v18.17.1 for Node.js 18, older than v20.0.3 for Node.js 20, and the complete Node.js v19 release line.

    This change is in line with Astro's Node.js support policy.

  • #10678 2e53b5fff6d292b7acdf8c30a6ecf5e5696846a1 Thanks @ematipico! - Adds a new experimental security option to prevent Cross-Site Request Forgery (CSRF) attacks. This feature is available only for pages rendered on demand:

    import { defineConfig } from 'astro/config';
    export default defineConfig({
      experimental: {
        security: {
          csrfProtection: {
            origin: true,
          },
        },
      },
    });

    Enabling this setting performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each Request.

    This experimental "origin" check is executed only for pages rendered on demand, and only for the requests POST, PATCH, DELETEandPUTwith one of the followingcontent-type` headers: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.

    It the "origin" header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page.

  • #10193 440681e7b74511a17b152af0fd6e0e4dc4014025 Thanks @ematipico! - Adds a new i18n routing option manual to allow you to write your own i18n middleware:

    import { defineConfig } from 'astro/config';
    // astro.config.mjs
    export default defineConfig({
      i18n: {
        locales: ['en', 'fr'],
        defaultLocale: 'fr',
        routing: 'manual',
      },
    });

    Adding routing: "manual" to your i18n config disables Astro's own i18n middleware and provides you with helper functions to write your own: redirectToDefaultLocale, notFound, and redirectToFallback:

    // middleware.js
    import { redirectToDefaultLocale } from 'astro:i18n';
    export const onRequest = defineMiddleware(async (context, next) => {
      if (context.url.startsWith('/about')) {
        return next();
      } else {
        return redirectToDefaultLocale(context, 302);
      }
    });

    Also adds a middleware function that manually creates Astro's i18n middleware. This allows you to extend Astro's i18n routing instead of completely replacing it. Run middleware in combination with your own middleware, using the sequence utility to determine the order:

    import { defineMiddleware, sequence } from 'astro:middleware';
    import { middleware } from 'astro:i18n'; // Astro's own i18n routing config
    
    export const userMiddleware = defineMiddleware();
    
    export const onRequest = sequence(
      userMiddleware,
      middleware({
        redirectToDefaultLocale: false,
        prefixDefaultLocale: true,
      })
    );
  • #10671 9e14a78cb05667af9821948c630786f74680090d Thanks @fshafiee! - Adds the httpOnly, sameSite, and secure options when deleting a cookie

Patch Changes