Releases: apinf/apinf-umbrella
Better CORS support
Preflight requests are sent by browsers without credentials. If an API doesn't have an authentication exemption (key-based) for OPTIONS requests, they will never succeed.
We disable api key requirement for all OPTIONS requests. This behaviour can be overridden on a per api basis by setting sub request rules.
We also add Access-Control-Allow-Headers: x-api-key to allow the actual authenticated request to go through. If more headers need to be whitelisted, a sub request rule can be set as appropriate.
[experimental] Better CORS support
This release is found to have a bug, and is now superseded by 0.15.0-apinf2.1
API Umbrella learns OAuth2 and HTTP2
Highlights
This version of API umbrella includes support for OAuth2, and can speak HTTP2 on ubuntu bionic.
These are contributed by Ficodes, and have been incorporated from https://github.com/Ficodes/api-umbrella
This release includes improvements made in 0.14.0-apinf1.
A summary of all included commits can be found in the commit message of 782c719
API Umbrella learns resource usage based rate limiting
Changelog:
Apinf Oy customized API Umbrella and added the following features on top of 0.14.0 release.
Allow resource usage based rate limiting using custom headers.
API providers may choose to send an additional response header with numeric value >1 to denote the resources used by the request. This can be used to implement an intelligent quota based rate limit. Intended for apis like GraphQL where the same endpoint handles requests with varying complexity. We recommend Request-Cost as the header name. There is no default, and a value must be provided.
Allow rate limiting requests by origin header
Origin headers are automatically sent by browsers. These can be used to limit usage of any single web application for an otherwise open api.