xF2 Add-on [DigitalPoint] App for Cloudflare® 1.8.7

• Fixed issue with deleting a Page Cache rule (change to Cloudflare API)
• Fixed issue with changing Cloudflare settings on XenForo 2.3 (was being done with form submission instead of the intended AJAX request)
• Ignore full stat rebuilds (too many API calls [11 per day], it will be impossibly slow, and you will hit API rate limit very quickly, so it would fail anyway)

• Removed workaround to allow non-Duotone icons in admin navigation for XenForo 2.3 (fixed in XF core)
• Added new Cloudflare setting (under Security): Replace insecure JavaScript libraries
• Changed verbiage to be worded better when setting up API token initially

• Removed Brotli compression setting (it's now always on in Cloudflare)
• Removed Minify settings (they have been deprecated and will be removed from Cloudflare soon)
• Removed Server-side Exclude setting (it has been deprecated and will be removed from Cloudflare soon)
• Added option to create Firewall Rule to block AI scrapers & crawlers
• Updated Chart.js library to 4.4.3

• Prevent autocompletion of authentication token (saw a situation where it could be overwritten with an admin's saved password for the site)
• XenForo 2.3 compatibility:
  • Fix for template issue when managing country blocking due to XF core change in 2.3 beta 6
  • Fix various icons that didn't work in 2.3
  • Force 2.3 to allow non-Duotone admin navigation icons

• Changed wording of "API tokens & keys" to "API tokens" (no longer allowing global keys, only API tokens)
• Updated charting library (Chart.js) to 4.4.1
• Created workaround for addons being disabled during XenForo upgrades (we need to set the externalDataUrl so that the %ASSET:stylefolder% replacement var works as expected for R2 users when .less templates are compiled). Effectively we are firing our app_setup code event listener even when all addons are disabled during the upgrade process. See this thread.

• Presigned URLs forcibly set Content-Type and Content-Disposition HTTP response headers (fixes situation where something like rclone set incorrect content type for the object in the R2 bucket)
• Cloudflare statistics charts on admin dashboard dynamically resize properly when resizing window
• Added ability for individual API calls to ignore multiple error codes instead of just one
• Changed FsMounts::getFsAdapters method name to FsMounts::getDpFsAdapters to avoid naming collision with XFCloud addon (will need to update FileSystem addon as well if you are using it)

• The API calls necessary to build the Cloudflare settings page are now run in parallel (it's currently 10 API calls that were previously made sequentially). Viewing (and editing) settings is significantly faster now (it's as fast as the single slowest API call, rather than as slow as all 10 API calls added together).
• Added more sanity checks for unexpected Cloudflare API results
• Fixed issue where old public domains wouldn't get enabled when setting up R2 bucket for XenForo data (in a situation where it was an already existing bucket that already had public domain(s) assigned)

• Added link for info about why each Cloudflare token permission is needed
• Updated deep links into R2 buckets to use new URL endpoint
• Suppress Cloudflare rate limit error when purging URLs from cache when guest page caching is enabled (a very high traffic site could hit API rate limits if there's a zillion posts flowing in at once)
• Better handling of situation where Cloudflare API is down/unavailable
• Cloudflare Workers that are created for the image proxy and unfurl proxy have been rewritten to be ES Modules instead of Service Workers
• Removed "Security -> Privacy Pass Support" setting (it's been deprecated by Cloudflare and is no longer used)

• The Cloudflare Fonts option ID has changed. This addresses that (it's what I get for giving the ability to toggle options that Cloudflare has deemed "beta"... they are subject to change).
• Added a sanity check so if future option IDs change, it won't throw an error (along with not being able to change them). Instead, that option won't change until the ID is updated.

Better handling of unexpected Cloudflare API changes.

Click to expand...