- Fixed proxied upstream POST request being aborted when the stream associated with the downstream request is closed on Node v16+. This will now again correctly be triggered only when the socket is closed early.
- Removed conversion service (no longer used in TerriaJS 8+).
- Removed pm2. Use containers and kubernetes to run terriajs-server concurrently and run terriajs-server on startup.
- See TerriaJS/terriajs#6731 (includes details on how to continue running terriajs-server with).
yarn/npm startnow runs terriajs-server in the foreground.- Removed
yarn/npm stop.
- Add GDA2020 proj4 definition
- Authorisation token for feedback to be placed in header as per https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
- Fixed a bug with the proxy route and certain redirect responses.
- Improved support with
resolvePathRelativeToWwwroottriggeringserveWwwRoot
- Added option to configure post limit on
shareendpoint (seeshareMaxRequestSizeinserverconfig.json.example) - Added option for resolving unmatched paths/routes to index.html for single page applications via
resolveUnmatchedPathsWithIndexHtml
- Support appending additional parameters to a querystring via the
/proxyendpoint.
- Added support for the HTTP Strict-Transport-Security (HSTS) header.
- Stop setting cache-control directives for error responses.
- Increase post limit to 200kb on
shareendpoint.
- Switched to pm2 for managing the server process.
- Removed support for Google URL shortener creation and resolving.
- Fixed throwing an exception in a worker after conversion service runs on Nodejs verions 10+.
- Added automatic rate limiting of failed authentication attempts.
- Added support for additional feedback parameters. These additional parameters are described in
feedback.additionalParametersin the config file.
- Added the ability to set
redirectToHttpsin the server config to automatically redirect requests. The listhttpAllowedHostsin the server config can be used to specify specific hosts for whichhttpaccess is still allowed.
- The
proxynow verifies that the target of a server-side redirect (e.g. HTTP 301 status code) is in the whitelist. If it's not, the redirect is returned to the client instead of handled on the server. - Added a list of IP addresses that the proxy will refuse to connect to, even if resolved from a hostname that is in the proxy whitelist. By default, the list includes all IP addresses that are not normal, internet-routable addresses. The list can be customized by setting
blackedlistedAddressesin the config file. If your server has privileged access to any internet-routable addresses, be sure to add those addresses to the blacklist.
- Proxy authentication can now optionally be specified with the
proxyAuthkey in the--config-file, as an alternative to--proxy-auth.
- When using
--proxy-authto automatically supply HTTP basic authentication credentials, and the remote server returns 403 (Forbidden), we now retry the request without the credentials. This will usually result in the server responding with a 401 (Unauthorized), causing the user's browser to prompt for credentials. This is useful when some of the resources on the server are not available with the automatic credentials but will work if more powerful credentials are supplied.
- Added support for server-supplied custom headers, by extending the process used to insert the basic http auth header
authorization. - Running with
--public falsenow runs just a single server process, to support easier debugging. - Improved validation of the Esri token configuration.
- Fixed a problem where a proxy error (such as an invalid content length) detected after the proxy had started sending the response would cause the worker to crash with an exception saying "Can't set headers after they are sent."
- Added
Strict-Transport-Securityto the list of response headers that are not passed through to the client by the proxy.
- Added esri-token-auth service which is able to request tokens from ESRI token servers with username / password authentication and forward them on to anonymous clients.
- Allow setting the size limit for proxy POST requests using
proxyPostSizeLimitin the server config. If no unit is specified bytes is assumed, or use some reasonable unit like 'kb' for kilobytes or 'mb' for megabytes.
- Fixed a bug that caused
Content-Length: 0to be included in proxied GET requests.
- No code changes, but fixes permissions on the run_server script which prevented it from starting (due to 2.6.4 being published from a Windows system, again).
- Made
npm stop/stop_server.shwork on Windows systems.
- Don't let Express URL decode the path passed to the proxy service.
- No code changes, but fixes permissions on the run_server script which prevented it from starting (due to 2.6.1 being published from a Windows system).
- The
feedbackservice now includes the Share URL for the current state of the map, if provided.
- Support HTTPS.
- Fix node engines specification in package.json. terriajs-server requires at least node v4.0, but 5.x, 6.x, etc. are fine.
- Fix bug in finding the path of config files, which shows up under Node 6.
- Support AWS S3 as a share data (URL shortener) backend.
- Tweak behaviour of data provided by
/sharewhen behind proxies. - v2.4.0 accidentally required NodeJS 5, when previously it worked on 0.10. This version restores support back to NodeJS 4.
- Support
maxConversionSizeparameter to determine what sized files can be converted. Still defaults to 1MB. - Remove warning message when no proxy auth file specified. (Still warn when it's specified but not available.)
- Support repeated command line parameters, such as
--port 3001 --port 4000. The rightmost one wins. - Enable 'strict' argument mode. This helps catch mistyped argument names.
- Support creating and resolving short URLs with different, prefixed providers.
- Provide /serverconfig endpoint to retrieve information about how the server is configured, including version.
- Config files (config.json and proxyauth.json) are now interpreted as JSON5, so they can include
//and/* */comments. - Deprecation warning:
#comments in config files will be removed in version 3. - With "--public false", now run just one CPU and don't restart on crashes, to facilitate development and testing.
- All API features are now being moved to
/api/v1(eg/api/v1/ping). They are currently available also under/pingbut will be removed. - Verbose output and logging can be enabled with
--verbose. - Support
hostNameparameter in config file, to provide better URLs.
- The
feedbackservice now includes theUser-Agentheader sent by the user's browser. - Added support for requiring HTTP basic authentication on all requests by supplying something like the following in the server configuration file:
{
"basicAuthentication": {
"username": "myusername",
"password": "mypassword"
}
}- Fixed a bug that caused the proxy to proxy any domain, even when given a whitelist.
- Add
trustProxysetting to configuration file, which is passed through to Express. See serverconfig.json.example.
- Add support for the
feedbackservice. See serverconfig.json.example for how to enable and configure it.
- Support "port" parameter in config file.
- Expect a server-specific configuration file, serverconfig.json, instead of one shared with the client.
- Move bypassProxyHosts option to that configuration file as bypassUpStreamProxyFor.
- Move upstreamProxy to config file.
- Rename proxyAuth.json to proxyauth.json
- Allow single line # comments in config files.
- Add /proxyableDomains endpoint which returns JSON list of domains we can proxy for.
- Allow catalog files outside your codebase to be specified using
initPaths: [...] - Config files are only looked for in the current directory, not in wwwroot or wwwroot/..
- Fixed a bug that caused all headers to be passed to the remote server by the proxy service, including headers that should be excluded.
- Added
run_server.shandstop_server.shscripts. - Fixed a bug that would cause the server to crash if
config.jsonwas missing. - Added support for HTTP error code 500.
- Remove supervisor, as it wasn't doing anything useful and caused CPU and other issues.
- First stable release.