The markdown parsing is broken/disabled for release notes. Sorry about that, I'm chasing the source of a crash that's been bringing this website down for the last couple of days.
## What's Changed
* Add Allowed Hosts to HTTPSRedirectMiddleware by @0xTim in https://github.com/brokenhandsio/VaporSecurityHeaders/pull/29
**Full Changelog**: https://github.com/brokenhandsio/VaporSecurityHeaders/compare/4.0.0...4.1.0
This is a major release to tidy up the API and disable `X-XSS-Protection`
## What's Changed
* Disable X-XSS-Protection filter, for safety by @EvanHahn in https://github.com/brokenhandsio/VaporSecurityHeaders/pull/26
* Add support for fallback referrer policies by @EvanHahn in https://github.com/brokenhandsio/VaporSecurityHeaders/pull/27
## New Contributors
* @EvanHahn made their first contribution in https://github.com/brokenhandsio/VaporSecurityHeaders/pull/26
**Full Changelog**: https://github.com/brokenhandsio/VaporSecurityHeaders/compare/3.2.0...4.0.0
# Vapor Security Headers 3.2.0
Adds the ability to construct different header options using `[String]` instead of just using variadic parameters. This makes it easier to extract out common code (#24)
Adds a new `HTTPSRedirectMiddleware` to redirect all requests on production to HTTPS to enable HSTS checks to be satisfied (#23)
Updated for Vapor 4 🎉
See the [README](https://github.com/brokenhandsio/VaporSecurityHeaders/blob/master/README.md) for updated usage instructions.
# Vapor Security Headers 2.1.1
Issues fixed in this release:
* #15 - fix compiler warning when building with Swift 5
# Vapor Security Headers 2.1.0
This release contains major improvements to using CSP with the security headers. The API for adding it now includes a much nicer Swifty solution. Check out the [README](https://github.com/brokenhandsio/VaporSecurityHeaders/blob/master/README.md) for more details!
PRs in this release:
* #14 - Add CSP builder
# Vapor Security Headers 2.0.0
- #10 Add support for Vapor 3!
See [the README](https://github.com/brokenhandsio/VaporSecurityHeaders/blob/master/README.md) for usage details.
# Vapor Security Headers 2.0.0 RC 1
Adds support for Vapor 3! Things still work mostly the same, you just need to change how you register the middleware for Vapor 3.
**Note**: Per page CSP configuration requires an additional service to be registered.
For information on how to use, see the [README](https://github.com/brokenhandsio/VaporSecurityHeaders/blob/2.0.0-rc.1/README.md)
# Vapor Security Headers 1.2.0
New features:
* #11 - Adds support for [X-XSS-Protection report](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection)