v1.10.2

Security fix:

This version contains a security fix, which is also breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.

We removed setting Access-Control-Allow-Origin to * be default. This allowed evil websites to access your assets.
Instead we ask you to set Access-Control-Allow-Origin manually to your host if required in your setup.
Use the headers option to do so.

middleware(compiler, {
    headers: {
        "Access-Control-Allow-Origin": "your-host"
    }
})

Read more about CORS here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Bugfixes:

• Remove Access-Control-Allow-Origin = * default

v1.10.1

• Files with non-ascii names were not getting served (#171).

v1.10.0

• You probably have seen the infamous message webpack: bundle is now (IN)VALID. a lot of times. This has now been changed to more clear messages, clearly indicating when compiling and when done compiling, it will tell you if it was successful or with errors (#164).

v1.9.0

• Allow latest webpack 2.2.0-rc.0 as peer dependency (#160).
• Fix error handling for plugins (#157).
• Update memory-fs dependency to 0.4.1.
• Refactoring to make it easier to support other frameworks then Express in the future (#140).

v1.8.4

• Enforce UTF-8 in requests. This fixes a lot of issues with special characters (#136).

v1.8.3

The last few releases had a few bugs in them that shouldn't have reached stable. We're working hard on adding enough tests to prevent these kind of failures.

• Fix for output.path check with node < 0.12 (38ff513).
• Fix for output.path check on Windows with node < 5.0 (38ff513).
• Fix exception when using the deprecated watchDelay option (#131).

v1.8.2

• Add a nice error message when output.path in the webpack config is relative.
• Expose stats when using the advanced API (#127).
• Make log & warn functions replaceable (#124).
• Fix protocol-relative urls with publicPath (#129).

v1.8.1

• Fix exception thrown when using webpack array config (#125).

v1.8.0

• Add tests for everything (#121)!
• Use valid license for npm (af6243b).
• Instantiate the in-memory filesystem only once, meaning it can be shared when using multiple middleware instances with one webpack config (#120).
• When sending requests with a Range header, the status code would not always be correct (cedc09f).
• Middleware would not work with a proxy (#80).
• Add index option (default: index.html) to customize the file used as index for a directory (#123).

v1.7.0

• Add reporter option for custom logs (#91).
• Add serverSideRender option to help support server-side rendering (#118).
• Set statusCode to 200 for served files (#94).
• Fix waitUntilValid callback always being called immediately when using MultiCompiler (#100).
• Fix range support not working (#116).
• Only use middleware for GET requests (#96).