Another great update of Wappler at your disposal! Now with the very anticipated CSRF Support for tight security of your forms and form posts in NodeJS to make your NodeJS sites bullet proof against XSS attacks.

App Connect 2 is also extended for CSRF support and now you can easily add CSRF tokens to your forms in App Connect 2.

For more explanation about CSRF and how to use it see Using CSRF Tokens

Furthermore we have more Docker improvements as well as the new SSL options for Databases per target, so that you can specify SSL options needed for Cloud Databases for example like Digital Ocean Managed Databases.

And last but not least there are many App Connect 2 extension updates with fixes of the issues reported by the community.

NodeJS

• Implemented CSRF Support for secure form posts preventing XSS Attacks
• Now to enable it you have to turn it on in the global Server Connect options
• Note: Once turned on each form post to server connect action has to include the special CSRF token! The token can be generated on your page as meta tag with name "csrf-token" or included in the form as hidden field with the name CSRFToken
• Session ttl default was in milliseconds instead of seconds

General

• Added new CSRF Token meta tag
• Optimized greatly the App Connect component checking on save or page open and confirmation for assets changing.

Docker Support

• Removed the deprecated version tag in docker-compose files

Project Options

• Added SSL options for Databases per target, so that you can specify SSL options needed for Cloud Databases for example like Digital Ocean Managed Databases

Server Connect

• Added CSRF options to the global Server Connect Options
• Add edit action icon next to the Server Connect action picker for direct action edit

App Connect 2.0.6

• Allow all form inputs to have a server side data binding as statis value, NodeJS only
• Add new CSRF Token Hidden field for including CSRF tokens in forms
• Improved parsing of non objects
• Added initial Decimal support of the and 'm' decimal notation in expressions. Requires the additional Decimal.js library to be included

App Connect Dropzone 2.0.3

• Fixed dataUrl not working in dropzone

App Connect Medium Editor 2.0.2

• Allow Medium Editor to work in Bootstrap Modals

Bootstrap 4 & 5 Toasts

• Added the useHTML options to the flow rules

App Connect Video 2.0.1

• Dynamic src attribute on video component fixed

App Connect Autocomplete 2.0.1

• Fixed autocomplete not showing No Results message

Fixed issues

• Autocomplete No Results not appearing
• DigitalOcean docker production target bug? NOT CREATING docker-compose.yml
• Make Server Actions editable from picker
• Security identity in Globals bug. version 6.5.5
• "Session Store" option memory, remove additional data during login
• Anti-CSRF Tokens
• Dynamic Video URL Does not load but static does
• Have Medium Editor work in a Modal
• Dropzone no longer working if thumbs==false
• 'Changes in used component' pop-up every time I save a file
• "Open Server Action" button for Form and Server Connect
• https://community.wappler.io/t/csrf-vulnerability-on-server-connect/43948
• Double Click to open Server Action from within page App Panel?