
0.23.0

@github-actions github-actions released this 04 Sep 16:28
· 15 commits to master since this release
993ae6d

fix: relax content security policy for sveltekit starter

We had to roll back part of the increased default security policy for the sveltekit starter due to the framework's use of inline scripts.

feat: Add canister snapshots

The new dfx canister snapshot command can be used to create, apply, and delete snapshots of stopped canisters.

feat: PocketIC HTTP gateway

icx-proxy's HTTP gateway has been replaced with PocketIC's. (This does not impact the meaning of --pocketic in dfx start.)

feat: Enable threshold schnorr signatures for Ed25519

Schnorr signature signing for Ed25519 is now enabled.
A test key id Ed25519:dfx_test_key is ready to be used by locally created canisters.

feat: Added settings_digest field to the network-id file

feat: install extensions using the catalog

dfx extension install now locates extensions using the
extension catalog.
This can be overridden with the --catalog-url parameter.

Dependencies

Replica

Updated replica to elected commit 3d0b3f10417fc6708e8b5d844a0bac5e86f3e17d.
This incorporates the following executed proposals:

feat: generate .env files for Motoko canisters

feat: support "security_policy" and "disable_security_policy_warning" in .ic-assets.json5

This change has an accompanying migration guide. Please see the 0.23.0 migration guide for instructions on how to adapt your project to this feature.

It is now possible to specify a "security_policy" field in .ic-assets.json5 for asset configurations.
Valid options are "disabled", "standard", and "hardened".
The security policy provides a set of standard headers to make frontends more secure.
Headers manually specified in the "headers" field take precedence over the security policy headers.

If "security_policy" is not specified or "disabled" is set, then no headers are added. If "security_policy" is not set at all, a warning is displayed that there is no security policy set.

If "standard" is specified, a set of security headers is added to the asset. The headers can be displayed with dfx info security-policy.
It is a set of security headers that will work for most dapps. A warning is displayed that the headers could be hardened.

If "hardened" is set, the same headers as with "standard" are added.
In addition, the asset sync expects custom headers to be set that improve security where appropriate.
If no custom headers are present the asset sync will fail with an error.

All warnings regarding security policies can be disabled with "disable_security_policy_warning": true. It needs to be set per asset.

The standard/hardened security policy headers can be seen with dfx info security-policy.
It also contains a lot of suggestions on how to harden the policy.

Updated the starter projects to use "security_policy" instead of including the whole security policy by defining individual headers.
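
The rules above can be checked before a deploy. The following is an added example, not dfx's own code: it models only the behaviour stated in these notes. The sample rules, the `match` patterns, the CSP string and the function names are constructed, the sample uses the strict-JSON subset of JSON5, and two choices are assumptions of this example: the hardened error is not silenced by `disable_security_policy_warning`, and unknown values are reported as errors.

```python
import json

# Constructed sample in the strict-JSON subset of JSON5 so the standard
# library can parse it. Patterns and the CSP string are made up.
SAMPLE = """
[
  {"match": "legacy/**"},
  {"match": "docs/**", "security_policy": "disabled"},
  {"match": "app/**", "security_policy": "standard"},
  {"match": "static/**", "security_policy": "standard",
   "disable_security_policy_warning": true},
  {"match": "admin/**", "security_policy": "hardened"},
  {"match": "**/*", "security_policy": "hardened",
   "headers": {"Content-Security-Policy": "default-src 'self'"}}
]
"""

def check_rule(rule):
    """Return (severity, message) for one asset rule, per the release notes."""
    policy = rule.get("security_policy")
    quiet = rule.get("disable_security_policy_warning", False)
    if policy == "hardened":
        # Assumption: the flag silences warnings only, never this error.
        if not rule.get("headers"):
            return ("error", "hardened policy without custom headers")
        return ("ok", "hardened policy with custom headers")
    if policy == "standard":
        sev = "ok" if quiet else "warning"
        return (sev, "standard headers applied; could be hardened")
    if policy == "disabled":
        return ("ok", "security policy explicitly disabled; no headers added")
    if policy is None:
        sev = "ok" if quiet else "warning"
        return (sev, "no security policy set; no headers added")
    # Assumption of this example: anything else is rejected.
    return ("error", f"unknown security_policy value: {policy!r}")

def effective_headers(policy_headers, rule):
    """Merge headers; the rule's "headers" field wins over the policy set."""
    if rule.get("security_policy") not in ("standard", "hardened"):
        return dict(rule.get("headers", {}))
    return {**policy_headers, **rule.get("headers", {})}

def lint(text):
    return [(r.get("match"), *check_rule(r)) for r in json.loads(text)]

if __name__ == "__main__":
    for match, severity, message in lint(SAMPLE):
        print(f"{severity:8} {match:12} {message}")
```

`effective_headers` takes the policy headers as input; paste them from the output of dfx info security-policy rather than hard-coding them.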

feat: dfx info security-policy

Shows the headers that get applied to assets that are configured to "security_policy": "standard" or "security_policy": "hardened" in .ic-assets.json5.
Produces output that can be directly pasted into a .json5 document.

feat: dfx extension install <url to extension.json>

It's now possible for dfx extension install to install an extension from
somewhere other than https://github.com/dfinity/dfx-extensions, by passing
a URL to an extension.json file rather than an extension name.

For example, these are equivalent:

dfx extension install nns
dfx extension install https://github.com/raw/dfinity/dfx-extensions/main/extensions/nns/extension.json

This update also adds the optional field download_url_template to extension.json,
which dfx will use to locate an extension release archive.

fix: dfx extension install no longer reports an error if the extension is already installed

However, if a version is specified with --version, and the installed version is different,
then dfx extension install will still report an error.

fix: dfx ledger create-canister sets controller properly

A recent hotfix to the CMC changed how the arguments to notify_create_canister need to be passed.
dfx now again properly calls that function.

feat: display replica port in dfx start

This replaces the dashboard link, which is now shown only in verbose mode. This should hopefully be less confusing for new users.

feat!: add crate field to dfx.json

It is now possible to specify a particular crate within a Rust package to use for a canister module, using the crate field.
This enables specifying crates with different names than the package. In a few cases these were previously auto-detected
by dfx; you will need to add this field if you were using such a setup.

feat: the --wallet parameter now accepts an identity name

The --wallet parameter can now be either a principal or the name of an identity.

If it is the name of an identity, dfx looks up the associated wallet's principal.

This means --wallet <name> is the equivalent of --wallet $(dfx identity get-wallet --identity <name>).

fix: display error cause of some http-related errors

Some commands that download HTTP resources, for example dfx extension install, will
once again display any error cause.

chore: remove the deprecated --use-old-metering flag