GitLab

• Add Firewall.Getcsrf and Firewall.Getcsrfisvalid APIv3 functions.

• Change the way we generate/validate CSRF tokens so they do not rely on session (or any) storage:

  Previously this was stored in the user session but this causes problems if you request more than one token in the same session (eg. by opening multiple payment pages in different browser tabs).

• Fix parameters for API3 Job.firewall_cleanup.

• Don't log changes to civicrm_firewall_ipaddress table.

• Regenerate DAO (Data Access Object) files to support changes in CiviCRM 5.27+.

• Don't specify ROW_FORMAT=DYNAMIC when installing (leave it to CiviCRM/database to decide).

• Fix #5 Api4 related error with Firewall: Cleanup job

No change from 0.2 - just marking as 1.0 for automated distribution per extension-review-requests#14

• Specify database Engine=InnoDB and Row format = DYNAMIC to resolve installation issues on some database servers.

Initial release. Currently Stripe is the only CiviCRM extension known to be using this extension. It implements IP address based blocking if Stripe reports fraudulent card payments or CSRF tokens are not valid.