- support config of CSRF by composition, component and endpoint level
- add option to configure urlencoded middleware
- add flag (csrfProtection) to enable SCRF Protection by Double Submit Cookie
- skip invalid components, log error and serve 500 if requested
- set
req.resources={}, if resources promise rejects (log error in dev mode) - add optional
options.requestJsonLimit(defaults to '100kb')
- support usage as dev-dependency of component packages
- add compositionConfig to request object
- add endpointConfig to request object
- add req.cookiesByArray object to support duplicate cookie names
- add req.cookies object, if request cookies exists
- add Content Security Policy (CSP) support
- add Cross Origin Resource Sharing (CORS) support
- remove transpile step (reduce dependencies)
- merge global, component-sepcific config into component object (overwrites default)
- change api: only express app (middleware function) is exported now
- remove dependency to @pubcore/node-server-docker
- update docs
- forward request object to optional "resources" function
- add support of static files by optional component's htdocs directory
- add optional error handler middleware
- add documentation
- private components: remove reject callback
- private components: login callback is required, if u-name or password is given
- introduced config property "componentDefault"
- added support for private components via new "public" property of component config.
- added option to load custom resources via new "resources" property of component config.