xF2 Add-on [DigitalPoint] App for Cloudflare® 1.9.1.1

Fixes an issue where if you have other addons that extend the XF\Templater class, with an execution order higher than 1000, and you are trying to view IP addresses that were logged without an associated geo-location record for that IP.

• Fixed issue with geo-location of user IPs in admin area on latest versions of PHP
• Fixed issue with geo-location when users are viewing their own IP addresses (when using Security addon)

• Get user IP from request class rather than PHP global variable
• Geo-location flags work for article authors
• Don't log geo-location info for sessions if using XenForo < 2.2.8 (required method wasn't introduced until XF 2.2.8)
• Internally simplified how geo-location flag CSS is generated

Yuck... sorry. This fixes it.

Click to expand...

• Added new Cloudflare setting (under Speed): Speed Brain
• Easy Config enables Speed Brain
• Added support for setting SSL/TLS Encryption Mode to Strict (SSL-only origin pull) (for Enterprise zones)
• Added new Cloudflare setting (under SSL/TLS): Encrypted Client Hello
• Added new Cloudflare setting (under Security): Leaked credentials

• Fixed issue with deleting a Page Cache rule (change to Cloudflare API)
• Fixed issue with changing Cloudflare settings on XenForo 2.3 (was being done with form submission instead of the intended AJAX request)
• Ignore full stat rebuilds (too many API calls [11 per day], it will be impossibly slow, and you will hit API rate limit very quickly, so it would fail anyway)

• Removed workaround to allow non-Duotone icons in admin navigation for XenForo 2.3 (fixed in XF core)
• Added new Cloudflare setting (under Security): Replace insecure JavaScript libraries
• Changed verbiage to be worded better when setting up API token initially

• Removed Brotli compression setting (it's now always on in Cloudflare)
• Removed Minify settings (they have been deprecated and will be removed from Cloudflare soon)
• Removed Server-side Exclude setting (it has been deprecated and will be removed from Cloudflare soon)
• Added option to create Firewall Rule to block AI scrapers & crawlers
• Updated Chart.js library to 4.4.3

• Prevent autocompletion of authentication token (saw a situation where it could be overwritten with an admin's saved password for the site)
• XenForo 2.3 compatibility:
  • Fix for template issue when managing country blocking due to XF core change in 2.3 beta 6
  • Fix various icons that didn't work in 2.3
  • Force 2.3 to allow non-Duotone admin navigation icons

• Changed wording of "API tokens & keys" to "API tokens" (no longer allowing global keys, only API tokens)
• Updated charting library (Chart.js) to 4.4.1
• Created workaround for addons being disabled during XenForo upgrades (we need to set the externalDataUrl so that the %ASSET:stylefolder% replacement var works as expected for R2 users when .less templates are compiled). Effectively we are firing our app_setup code event listener even when all addons are disabled during the upgrade process. See this thread.