Tags: Zipstack/unstract
UN-3124 [FIX] : Add security headers and HTTP method restrictions to nginx (#1726)

* feat: Add security headers and HTTP method restrictions to nginx
  - Add X-Content-Type-Options header to prevent MIME sniffing
  - Add X-Frame-Options header to prevent clickjacking
  - Add X-XSS-Protection header for XSS protection
  - Add Referrer-Policy header for referrer control
  - Disable TRACE and TRACK HTTP methods
  - Limit allowed HTTP methods to GET, HEAD, POST in location block
* fix: Remove deprecated X-XSS-Protection header
  X-XSS-Protection is deprecated and ignored by modern browsers. Chrome removed support in 2019. Content-Security-Policy (CSP) is the recommended replacement for XSS protection.
* fix: Limit HTTP methods to GET and HEAD only
  Static file serving only requires GET and HEAD methods. POST is not needed as API calls go directly to the backend.

fix: Replace CDN URL with local import for PDF worker (#1720)

* fix: Replace CDN URL with local import for PDF worker
  Replace the external CDN URL (unpkg.com) for pdf.js worker with a local import from the installed pdfjs-dist package using Webpack 5's asset module feature.
  Changes:
  - Use 'pdfjs-dist/build/pdf.worker.min.js?url' import syntax
  - Export the imported worker URL instead of hardcoded CDN URL
  Benefits:
  - Eliminates external network dependency for PDF rendering
  - Worker version automatically stays in sync with installed package
  - Enables offline functionality
  - Faster loading as worker is bundled with the application
  - Consistent with existing pattern used in ExtractionModal.jsx
* refactor: Use export...from syntax for re-exporting PDF worker URL
  Addresses SonarCloud code smell by using the more concise 'export { default as X } from' syntax instead of separate import and export statements.

UN-1725 [FIX] Remove CheckableTag enabled/disabled toggle from LLM profiles (#1704)

Remove the enabled/disabled toggle feature from prompt card LLM profiles as it caused newly added profiles to appear disabled by default.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

[MISC] Load pdfjs worker from node_modules instead of CDN (#1716)

* MISC [FIX] Load pdfjs worker from node_modules instead of CDN
  Use ?url import for pdfjs-dist worker to load from local node_modules instead of relying on CDN URL. Resolves version mismatch issues between package and worker versions.
  🤖 Generated with Claude Code
  Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* MISC [FIX] Use centralized pdfWorkerConfig with CRA/Vite compatible new URL() pattern
  🤖 Generated with Claude Code
  Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Hari John Kuriakose <hari@zipstack.com>

UN-3008 [FIX] Pass word-level confidence setting to Structure Tool (#1714)

* UN-3008 [FIX] Pass word-level confidence setting to Structure Tool
  Fix missing propagation of word confidence setting:
  - Add ENABLE_WORD_CONFIDENCE constant to SettingsKeys
  - Read and pass word confidence setting through tool_settings
* Bump Structure Tool version to 0.0.95

UN-3022 [FEAT] - Enable HITL rule engine for API deployments (#1703)

* [FEAT] Enable HITL rule engine for API deployments
  - Add Configure HITL button for API destination connectors
  - Support API-specific HITL rules with rule_type parameter
  - Add HITL metadata to API response (file_sent_to_hitl, reason)
  - Update backend destination connector to evaluate API rules
  - Add has_api_rules() and validate_rule_engine() to WorkflowUtil
  - Ensure backward compatibility: no rules = all files to HITL
  - OSS compatible: placeholder methods return safe defaults
* added hitl reason

UN-2301 [FIX] Capture connector error logs in ETL and display in frontend (#1650)

* Adding logs to worker-logging
* Adding logs to worker-logging
* minor change in source connector
* PR reviews
* small change
---------
Co-authored-by: Chandrasekharan M <117059509+chandrasekharan-zipstack@users.noreply.github.com>