CHANGELOG.md

Changelog

7.0.2 (01-Nov-25)

• Test with Ruby 3.5
• Remove deprecation message, put into passive maintenance mode

7.0.1 (11-May-25)

• Test with Ruby 3.4
• Repo moved
• Add deprecation message

7.0.0 (12-Nov-24)

• Breaking change: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
• Set Railties dependency to < 9
• Test with Rails 8
• Do not test with Ruby 3.0 and 3.1

6.0.0 (14-Nov-23)

• Breaking change: drop support for Ruby < 3. If you need to support older Rubies, stay on v5. If you'd like to support even older stuff, v4.5.0 is your choice as it plays nicely with Rails 5.1 and Ruby 2.5.
• Test only with Rails 7
• Fix some failing tests, minor tweaks

5.0.0 (14-Dec-21)

• Add support for Rails 7.
• Test against Rails 6.1 and Rails 7.0.
• Test against Ruby 3.0.
• Rails 5.1 is not supported officially anymore (but should still work fine).
• Ruby < 2.7 is not supported anymore (has reached end of life) but should still work.

4.5.0 (21-Sep-20)

• Added a new HttpOnly option (thanks, @Lubo-mir)
• Introduced some code refactorings

4.4.0 (04-Aug-20)

• Make the gem play nicely with controllers that do not have protect_against_forgery? method defined — for example, certain Doorkeeper controllers (thanks, @amenz)
• Updated dependencies and cops

4.3.0 (18-May-20)

• Ruby version 2.4 is no longer officially supported (though it still should work) - this is also due to the fact that v2.4 is abanoded by Ruby core team as well. Required Ruby version is now 2.5+ according to version compatibility.
• Dropped backwards compatibility with older versions of Rails (v4 and below). If you require Rails 4 support, use angular_rails_csrf v3.
• Increased test coverage up to 100%.

4.2.0 (31-Mar-20)

• Added a new angular_rails_csrf_same_site option which defaults to :lax (thanks, @timobleeker)
  • This option is introduced to comply with the latest changes: https://www.chromium.org/updates/same-site
• Update cops

4.1.0 (03-Feb-20)

• Added a new angular_rails_csrf_secure option (thanks, @DougKeller)
• Tested against Ruby 2.7

4.0.1 (23-Dec-19)

• Updated dependencies, tested against more recent Rubies and Rails
• Updated Gemfile for Bundler 2
• Added Rubocop and SimpleCov

4.0.0 (20-Aug-19)

Updated:

• Added support for Rails 6.0
• Drop support for Rails 4

3.2.0

New feature:

• Allow cookie's name to be customized (thanks, @timobleeker)

3.1.0

Updated:

• Added support for Rails 5.2.0

Testing:

• Tested against more recent Ruby/Rails versions

3.0.0

New feature:

• Allow cookie domain to be set via Rails.application.config (thanks, @gingermusketeer)

Updated:

• Dropped support for Rails < 4
• Dropped official support for Ruby 2.2 though it should still work

Testing:

• Test against more recent versions of Ruby and Rails

2.1.1

Updated:

• Added support for Rails 5.1.1

Testing:

• Test against more recent versions of Ruby
• Test against Rails 5.1.1

2.1.0

Updated:

• Added support for Rails 5.1

Testing improvements:

• Tested against Rails 5.1
• Tested against Ruby 2.4.0
• We are no longer testing against Rails < 4.2

2.0.0

Breaking changes:

• Revert to after_action again (fixes issues with Devise and similar solutions)
• Introduced a new exclude_xsrf_token_cookie class method to exclude setting CSRF token for certain controllers. This is done to take care of problems with streaming.

Updated:

• Added support for Rails 5
• rails dependency changed to railties

Testing improvements:

• Tested against Rails 5
• Tested against Ruby 2.2.5 and 2.3.0