This overview lists changes included in Optimizely updates delivered as NuGet packages and services. Use the information to decide which updates to apply to your project, see Installing Optimizely updates. Select a product, package, or service in the left menu, and filter for dates, features, or bug fixes.
Note: New NuGet packages listed here may not be immediately available in the Optimizely NuGet feed.
Latest changes
Steps to reproduce: Pass one more custom clients in when calling UseContentApiIdentityOAuthAuthorization:
app.UseContentApiIdentityOAuthAuthorization <ApplicationUserManager<ApplicationUser>, ApplicationUser>(new ContentApiOAuthOptions { Clients = new[] { new ApiClientInfo { AccessControlAllowOrigin = "*", ClientId = "Custom"} } });
Make a call to the auth endpoint with the custom ClientId.
Expected result:
The new custom client should be defined.
Actual result:
You get a 400 response:
{ "error": "invalid_client_id", "error_description": "Client 'Custom' is not registered in the system." }
This is because the IdentityAuthorizationServerProvider uses constructor injection to get the ContentApiOAuthOptions. They should be passed in as they are never registered in StructureMap.
Update dependency range of Microsoft.AspNet.OData for CD.Search.
With this feature, the Options method for CDA (Content Delivery API) and CMA (Content Management API) endpoints is decorated adding full support for CORS (Cross-Origin Resource Sharing).
Other sites can send pre-flight request (Options request) to CDA and CMA endpoints. With this, CORS will also have support for the OAuth endpoints in the CD.OAuth package.
CD endpoints will return 'x-epi-continuation' in the 'Access-Control-Expose-Headers' header.
Constraint on Microsoft.AspNet.WebApi.WebHost has been bumped to the latest stable version (5.2.7).
OutputCache does not work with several time zones (e.g US - EST + 5) due to the DateTime.MaxValue is exceed.
When trying to startup a new commerce site the migration step fails because of event handler registered by ContentDependecyPropagator
2020-06-24 13:02:53,480 [1] ERROR EPiServer.Commerce.Internal.Migration.MigrationProgressMessenger: Migration step "Set catalog root access rights" failed with error: System.NullReferenceException: Object reference not set to an instance of an object. at EPiServer.Core.Internal.ContentCacheKeyCreator.CreateChildrenCacheKey(ContentReference contentLink, String languageID) at EPiServer.ContentApi.Core.OutputCache.Internal.ContentDependencyPropagator.ContentSecuritySaved(Object sender, ContentSecurityEventArg e) at System.EventHandler`1.Invoke(Object sender, TEventArgs e) at EPiServer.ChangeApproval.UI.Implementation.SecuritySettingCommandService.Save(IContentSecurityRepository contentSecurityRepository, ContentReference contentReference, IContentSecurityDescriptor contentSecurityDescriptor, SecuritySaveType securitySaveType) at EPiServer.ChangeApproval.UI.Implementation.SecuritySettingIntercept.Save(ContentReference ContentLink, IContentSecurityDescriptor contentSecurityDescriptor, SecuritySaveType securitySaveType) at EPiServer.Commerce.Internal.Migration.Steps.SetRootAccessControlEntriesStep.Execute(IProgressMessenger progressMessenger) at EPiServer.Commerce.Internal.Migration.MigrationManager.MigrateStep(IMigrationStep migrationStep)
All error messages should be generic without revealing any information about the internals of the system.
Upgrade the Content Delivery Form to use new API available with Episerver Forms version 4.25.
The ContentDeliveryApi.Forms – CD.Forms supports form rendering in SPA site with Vue or React. Basically, form template along with required resources such as jQuery, CSS, external JavaScript is returned by CD.Forms in the Json format and clients can use that information to render Forms as in normal alloy site.
Forms rendered in Single Page Application should behave the same as in Alloy site
Note:
Multiple access token has been created so it raises error at the next time we request token
