Added new Cloudflare setting (under Speed): Speed Brain
Easy Config enables Speed Brain
Added support for setting SSL/TLS Encryption Mode to Strict (SSL-only origin pull) (for Enterprise zones)
Added new Cloudflare setting (under SSL/TLS): Encrypted Client Hello
Added new Cloudflare setting (under Security): Leaked credentials
- Fixed issue with deleting a Page Cache rule (change to Cloudflare API)
- Fixed issue with changing Cloudflare settings on XenForo 2.3 (was being done with form submission instead of the intended AJAX request)
- Ignore full stat rebuilds (too many API calls [11 per day], it will be impossibly slow, and you will hit API rate limit very quickly, so it would fail anyway)
Removed workaround to allow non-Duotone icons in admin navigation for XenForo 2.3 (fixed in XF core)
Added new Cloudflare setting (under Security): Replace insecure JavaScript libraries
Changed verbiage to be worded better when setting up API token initially
Removed Brotli compression setting (it's now always on in Cloudflare)
Removed Minify settings (they have been deprecated and will be removed from Cloudflare soon)
Removed Server-side Exclude setting (it has been deprecated and will be removed from Cloudflare soon)
Added option to create Firewall Rule to block AI scrapers & crawlers
Updated Chart.js library to 4.4.3
Prevent autocompletion of authentication token (saw a situation where it could be overwritten with an admin's saved password for the site)
XenForo 2.3 compatibility:
Fix for template issue when managing country blocking due to XF core change in 2.3 beta 6
Fix various icons that didn't work in 2.3
Force 2.3 to allow non-Duotone admin navigation icons
[*]Added support for CLI tool to migrate existing data to/from internal_data/xfmg
[*]Added support for local-data mount point in XenForo 2.3
[*]Added deprecation notice for Auto-Minify setting
Changed wording of "API tokens & keys" to "API tokens" (no longer allowing global keys, only API tokens)
Updated charting library (Chart.js) to 4.4.1
Created workaround for addons being disabled during XenForo upgrades (we need to set the externalDataUrl so that the %ASSET:stylefolder% replacement var works as expected for R2 users when .less templates are compiled). Effectively we are firing our app_setup code event listener even when all addons are disabled during the upgrade process. See this thread.
- Presigned URLs forcibly set Content-Type and Content-Disposition HTTP response headers (fixes situation where something like rclone set incorrect content type for the object in the R2 bucket)
- Cloudflare statistics charts on admin dashboard dynamically resize properly when resizing window
- Added ability for individual API calls to ignore multiple error codes instead of just one
- Changed FsMounts::getFsAdapters method name to FsMounts::getDpFsAdapters to avoid naming collision with XFCloud addon (will need to update FileSystem addon as well if you are using it)
- The API calls necessary to build the Cloudflare settings page are now run in parallel (it's currently 10 API calls that were previously made sequentially). Viewing (and editing) settings is significantly faster now (it's as fast as the single slowest API call, rather than as slow as all 10 API calls added together).
- Added more sanity checks for unexpected Cloudflare API results
- Fixed issue where old public domains wouldn't get enabled when setting up R2 bucket for XenForo data (in a situation where it was an already existing bucket that already had public domain(s) assigned)
- Added link for info about why each Cloudflare token permission is needed
- Updated deep links into R2 buckets to use new URL endpoint
- Suppress Cloudflare rate limit error when purging URLs from cache when guest page caching is enabled (a very high traffic site could hit API rate limits if there's a zillion posts flowing in at once)
- Better handling of situation where Cloudflare API is down/unavailable
- Cloudflare Workers that are created for the image proxy and unfurl proxy have been rewritten to be ES Modules instead of Service Workers
- Removed "Security -> Privacy Pass Support" setting (it's been deprecated by Cloudflare and is no longer used)