@openziti/ziti-browzer-runtime

A JavaScript runtime that is auto-injected into the Page of a Zitified web app.

Part of the OpenZiti Zero Trust browZer stack

0.119.0 (2025-07-07)

Features

• remove JSPI origin trial mechanisms (#476) (c94c7fd)

0.118.0 (2025-05-14)

Features

• Katalon Recorder detection (#469) (5143448)

0.117.0 (2025-04-22)

Features

• AzureAD B2C support (#463) (ceb2611)

0.116.0 (2025-04-21)

Features

• AzureAD B2C support (#462) (90768d2)

0.115.0 (2025-04-17)

Features

• AzureAD B2C support (#461) (329b26b)

0.114.0 (2025-04-09)

Features

• proper handling of objectURL clicks (#459) (dbc001d)

0.113.0 (2025-04-09)

Features

• remove rogue CSS (#458) (1261615)

0.112.0 (2025-04-08)

Features

• fall back to id_token is access_token is bad (#452) (824c83e)

0.111.0 (2025-04-08)

Features

• fix for code scanning alert no. 9: Incomplete URL substring sanitization (#451) (8eb81d0)

0.110.0 (2025-04-08)

Features

• security updates (#450) (46c537c)

0.109.0 (2025-04-08)

Features

• security updates (#449) (cb8b023)

0.108.0 (2025-04-07)

Features

• defensive programming for dumpHeaders UUID (#448) (4a8f80d)

0.107.0 (2025-04-04)

Features

• blob:http handling (#446) (a69ae14)

0.106.0 (2025-04-04)

Features

• reactivate the SW-keepalive (#445) (8b51fa9)

0.105.0 (2025-04-02)

Features

• correct ephemeral cert issue on behalf of WebSocket intercept in ZBR (#443) (3d07b15)

0.104.0 (2025-04-01)

Features

• various HA enhancements (#441) (4fe74fc)

0.103.0 (2025-03-20)

Features

• gather OIDC scope from /external-jwt-signers (#437) (fb2b743)

0.102.0 (2025-03-19)

Features

• gather OIDC scope from /external-jwt-signers (#436) (1b0509d)

0.101.0 (2025-03-10)

Features

• security updates (#432) (1ae9aea)

0.100.1 (2025-02-25)

Bug Fixes

• If 'idp_authorization_scope' isn't specified, OIDC scopes get leading '+' (09f8812)

0.100.0 (2025-02-25)

Features

• security updates (#424) (67a5438)

0.99.1 (2025-02-25)

Bug Fixes

• code scanning alert no. 1: Incomplete string escaping or encoding (#419) (76a49ca)

0.99.0 (2025-02-25)

Features

• security updates (#417) (7a1586c)

0.98.0 (2025-02-13)

Features

• HA OIDC auth mechanisms, and start of white-labeling support (#403) (3c7c881)

0.97.6 (2025-01-15)

Bug Fixes

• POST via fetch to private API listening on HTTPS fails (#397) (e24fbe5)

0.97.5 (2025-01-14)

Bug Fixes

• Icon-related CSS for browZer tool-button can collide with some web apps (#395) (ed34933)

0.97.4 (2025-01-13)

Bug Fixes

• delete a stray variable assignment (#393) (4a84ec1)

0.97.3 (2025-01-13)

Bug Fixes

• Bogus access_token from Entra can cause SW load of ZBR to fail (#392) (1a3ad37)

0.97.2 (2025-01-10)

Bug Fixes

• Bogus access_token from Entra can cause PKCE redirect loop in ZBR (#391) (b0e3f80)

0.97.1 (2025-01-09)

Bug Fixes

• Drop of very large files into Mattermost causes exception (#389) (be6e199)

0.97.0 (2025-01-06)

Features

• XHR tweaks (#387) (61acc46)

0.96.0 (2024-12-19)

Features

• Make ZAC served from Controller's /zac binding work under browZer (#386) (12dd852)

0.95.0 (2024-12-13)

Features

• resolve 'uplot' CSS issue (#384) (8406dd0)

0.94.0 (2024-12-13)

Features

• remove ZBR's 'throughput chart' gradient style (#383) (a8fe69c)

0.93.0 (2024-12-12)

Features

• ZBR's 'throughput chart' gradient style bleeds through to Grafana Charts (#382) (2e053ca)

0.92.0 (2024-12-04)

Features

• let SW take care of XHR (#379) (edcc779)

0.91.0 (2024-11-17)

Features

• use 'api://<clientId>' for 'PKCE scope' with Entra (#376) (4a8c654)

0.90.0 (2024-11-13)

Features

• browZer id_token->access_token refactor (Entra changes) (#375) (bdac130)

0.89.0 (2024-11-12)

Features

• browZer id_token->access_token refactor (Auth0 changes) (#374) (b1717f8)

0.88.0 (2024-11-04)

Features

• remove 'date-fns' dep (#373) (7b1af72)

0.87.0 (2024-11-01)

Features

• id_token -> access_token refactor (#372) (6f3abc0)

0.86.0 (2024-10-23)

Features

• Render Error page when IdP 'issuer' is incorrect (#370) (d050933)

0.85.0 (2024-10-21)

Features

• handle null targetServiceAppData (#368) (72818f5)

0.84.0 (2024-10-21)

Features

• handle null targetServiceAppData (#367) (1b3bbed)

0.83.0 (2024-10-20)

Features

• change syncXHR gate from 'err page' to 'warning toast' (#366) (3e1a12f)

0.82.0 (2024-10-08)

Features

• do not process 'null' as a WebSocket event listener (#361) (7c1f25d)

0.81.0 (2024-10-02)

Features

• ignore 'pagehide' events that contain '/#/' in the URL (e.g. Jellyfin) (#359) (01f2594)

0.80.0 (2024-09-24)

Features

• bump to @openziti/libcrypto-js 0.24.0 (#357) (0956aa3)

0.79.0 (2024-09-13)

Features

• honor optional 'protocols' parm on intercepted WebSocket constructor (#355) (79d487f)

0.78.0 (2024-09-11)

Features

• move JWT expiration checking to ZBR (part of HA) (#352) (9bc100e)

0.77.0 (2024-09-09)

Features

• HA network detection, and authentication (#350) (029b33d)

0.76.0 (2024-08-29)

Features

• Use Cert chain when in HA networks (#345) (e833daa)

0.75.0 (2024-08-26)

Features

• Cert chain parsing support (#341) (671b22f)

0.74.0 (2024-08-26)

Features

• Cert chain parsing support (#340) (4eb9cda)

0.73.1 (2024-08-22)

Bug Fixes

• Auto-render of Throughput Chart is too aggressive (#338) (96c43c7)

0.73.0 (2024-08-21)

Features

• HomeAssistant support: various WebSocket and XHR tweaks (#337) (d66f27b)

0.72.0 (2024-08-02)

Features

• Render Error page if Controller certs are expired (#330) (4826cd2)

0.71.2 (2024-07-17)

Bug Fixes

• expose 'state constants' on ZitiDummyWebSocketWrapper object (#328) (3cb9a66)

0.71.1 (2024-07-17)

Bug Fixes

• expose 'readyState' property on ZitiDummyWebSocketWrapper object (#326) (190ea57)

0.71.0 (2024-07-16)

Features

• new 'range' picker for throughput chart start-render time (#324) (d28098c)

0.70.2 (2024-07-15)

Bug Fixes

• mobile adjustments for throughput chart (#323) (f8dbb64)

0.70.1 (2024-07-15)

Bug Fixes

• mobile adjustments for throughput chart (#322) (15ee119)

0.70.0 (2024-07-12)

Features

• new throughput chart in browZer tools (#320) (7159081)

0.69.0 (2024-07-09)

Features

• emit error page if wssER connections fail (#317) (b2ea71b)

0.68.4 (2024-07-08)

Bug Fixes

• remove obsolete hotkey/modal (#316) (3f6b278)

0.68.3 (2024-07-02)

Bug Fixes

• properly handle WebSocket msgs sent with opcode 2 (binary) (#315) (5ee5a50)

0.68.2 (2024-07-01)

Bug Fixes

• better browZer button position mgmt during window resizes (#313) (c2fe6c9)

0.68.1 (2024-06-28)

Bug Fixes

• send chunked WebSocket frames in a single write (prevent RSV2/3 errs) (#309) (c94588c)

0.68.0 (2024-05-22)

Features

• add browZer tool button (#297) (0e96bc5)

0.67.1 (2024-05-13)

Bug Fixes

• correct a cookie handling issue (Wazuh) (#294) (9b0ef06)

0.67.0 (2024-04-29)

Features

• adjust CI/runtime to use hash-bundle name for browZer CSS (#292) (b830e99)

0.66.1 (2024-04-29)

Bug Fixes

• adjust render of 'latest release available' (#290) (6bacb51)

0.66.0 (2024-04-29)

Features

• New Settings Dlg (with 'Changelog' and 'Feedback' widgets) (#289) (d9e3cab)

0.65.1 (2024-04-22)

Bug Fixes

• Service revocation detect/react enhancements (#287) (7f01c65)

0.65.0 (2024-04-19)

Features

• Origin Trial support (#282) (afd5089)

0.64.3 (2024-04-16)

Bug Fixes

• bypass pkceLogout - AzureAD UI mitigation (#280) (6d1a045)

0.64.2 (2024-04-12)

Bug Fixes

• add an AzureAD oauth response 'expires_in' workaround (#279) (1aa7327)

0.64.1 (2024-04-01)

Bug Fixes

• Properly handle unspecified XHR 'sync' parm (#278) (249ca86)

0.64.0 (2024-03-31)

Features

• Blueframe support (#276) (777cf04)

0.63.2 (2024-03-21)

Bug Fixes

• avoid using null appdata (#274) (2544b2b)

0.63.1 (2024-03-18)

Bug Fixes

• Scada web app loses WebSocket connection (#273) (c5cdace)

0.63.0 (2024-03-15)

Features

• PKCE callback error handling (#270) (67cbf11)

0.62.0 (2024-03-13)

Features

• XHR ProgressEvent enhancements; PKCE logout adjustment (#268) (d27370e)

0.61.1 (2024-03-07)

Bug Fixes

• improve Auth0 IdP logout (#267) (34aba30)

0.61.0 (2024-03-05)

Features

• improve intercept.v1 config protocol parsing (#266) (af4f687)

0.60.0 (2024-03-04)

Features

• add inflate-deflate support (#265) (9faa2fb)

0.59.3 (2024-02-29)

Bug Fixes

• zabbix tweak (#264) (1a2144b)

0.59.2 (2024-02-28)

Bug Fixes

• relative path tweak (#263) (bb4c85f)

0.59.1 (2024-02-21)

Bug Fixes

• Wazuh support (#261) (4544ba2)

0.59.0 (2024-02-10)

Features

• OIDC refactor (#260) (89fda74)

0.58.1 (2024-02-05)

Bug Fixes

• introduce ZitiDummyWebSocketWrapper (#259) (52979fa)

0.58.0 (2024-02-05)

Features

• introduce ZitiDummyWebSocketWrapper (#258) (45b4c69)

0.57.1 (2024-01-31)

Bug Fixes

• WebSocket intercept regression (#256) (312e57d)

0.57.0 (2024-01-30)

Features

• Support Mattermost desktop (Electron) app (#253) (db85462)

0.56.3 (2024-01-29)

Bug Fixes

• strange css issue accessing ZAC (#251) (0218a42)

0.56.2 (2024-01-25)

Bug Fixes

• reload page after SW activation complete (#248) (f16ee57)

0.56.1 (2024-01-25)

Bug Fixes

• reload page after SW activation complete (#247) (74f6337)

0.56.0 (2024-01-25)

Features

• agent pool (#246) (564a4b5)

0.55.4 (2024-01-11)

Bug Fixes

• multi-MB writes fail under nestedTLS (#244) (7695103)

0.55.3 (2024-01-10)

Bug Fixes

• cookie intercept regression (#243) (98c2fbc)

0.55.2 (2024-01-08)

Bug Fixes

• semver skew (#240) (2224898)

0.55.1 (2024-01-08)

Bug Fixes

• 'socket hang up' errors (again) (#239) (0c194ad)

0.55.0 (2024-01-05)

Features

• introduce 'eruda' url query parm (#237) (0360e57)

0.54.1 (2024-01-04)

Bug Fixes

• 'socket hang up' errors (#236) (074c50c)

0.54.0 (2023-12-19)

Features

• eruda (#234) (d55efa0)

0.53.0 (2023-12-16)

Features

• add gzip support (#228) (e25b2e9)

0.52.1 (2023-12-12)

Bug Fixes

• enhanced JSPI check (#223) (d009bae)

0.52.0 (2023-12-11)

Features

• support Keycloak (#222) (4d09ba9)

0.51.1 (2023-12-06)

Bug Fixes

• loadBalancer url calc (#208) (ca832c7)

0.51.0 (2023-12-06)

Features

• Support multiple wssER's in same network (#207) (5ac13fe)

0.50.0 (2023-12-03)

Features

• TLS handshake timeout event (#206) (b6630ca)

0.49.0 (2023-11-20)

Features

• Load Balancer support (#204) (92bee05)

0.48.5 (2023-11-19)

Bug Fixes

• typos (#203) (8116425)

0.48.4 (2023-11-18)

Bug Fixes

• access_token purge (#202) (db0a655)

0.48.3 (2023-11-17)

Bug Fixes

• access_token tweak (#201) (cb8a3c8)

0.48.2 (2023-11-17)

Bug Fixes

• authClient cacheLocation (#200) (8506960)

0.48.1 (2023-11-17)

Bug Fixes

• SW keep-alive (#199) (30f6261)

0.48.0 (2023-11-14)

Features

• MSFT RDS/RDP (#198) (5ab70a7)

0.47.2 (2023-11-03)

Bug Fixes

• ensure UA header is present (keep Observium happy) (#197) (aa50fc5)

0.47.1 (2023-11-01)

Bug Fixes

• handle duplicate Set-Cookie headers from Icinga (#196) (4f51215)

0.47.0 (2023-10-30)

Features

• Dual-mode: JSPI or NO_JSPI (#195) (10f8c02)

0.46.0 (2023-10-23)

Features

• JSPI (#194) (6d36c51)

0.45.6 (2023-09-27)

Bug Fixes

• Force IdP logout if local auth state indicates user is unauthenticated (#193) (bd43acd)

0.45.5 (2023-09-18)

Bug Fixes

• correct problem with nested Request handling (#192) (f8b3a7c)

0.45.4 (2023-09-14)

Bug Fixes

• correct problem with intercepted WebSocket msg handling (#191) (de5a840)

0.45.3 (2023-09-13)

Bug Fixes

• retire ZBR 'fetch' intercept and rely on ZBSW for 'fetch' intercept (#190) (d71ae07)

0.45.2 (2023-09-11)

Bug Fixes

• don't drop METHOD when building ClientRequest (#189) (dfa1494)

0.45.1 (2023-09-06)

Bug Fixes

• syncXHR event (#188) (1a47133)

0.45.0 (2023-08-31)

Features

• Rancher support (#187) (f52a765)

0.44.3 (2023-08-21)

Bug Fixes

• adjust Zabbix cookie handling (#185) (9e1a860)

0.44.2 (2023-08-15)

Bug Fixes

• adjust requestFailedWithNoResponseEvent handling (#184) (a7ab7fc)

0.44.1 (2023-08-08)

Bug Fixes

• remove utf-8-validate dep (#183) (6660865)

0.44.0 (2023-08-08)

Features

• ZITI_EVENT_NO_WSS_ROUTERS (#182) (db3f609)

0.43.1 (2023-08-07)

Bug Fixes

• TeamCity support (#181) (1f94508)

0.43.0 (2023-08-04)

Features

• BrowZer error page (#180) (9565689)

0.42.0 (2023-08-02)

Features

• alert on channelConnectFailEvent (#179) (7bae8f6)

0.41.1 (2023-08-02)

Bug Fixes

• pause for TLS cipher suite negotiation completion (#178) (c9676c9)

0.41.0 (2023-07-26)

Features

• bootstrapper config rename (#177) (e918f62)

0.40.0 (2023-07-26)

Features

• bootstrapper config rename (#176) (4d7b8e1)

0.39.0 (2023-07-25)

Features

• bootstrapper rename (#175) (df666f8)

0.38.0 (2023-07-24)

Features

• cert expired alert (#174) (39435d5)

0.37.1 (2023-07-20)

Bug Fixes

• include BrowZer Bootstrapper port when registering the SW (#173) (3d3f269)

0.37.0 (2023-07-19)

Features

• emit troubleshooting alerts (#172) (8efc745)

0.36.2 (2023-07-13)

Bug Fixes

• do a GET before a POST at startup (use listControllerVersion) (#171) (7c4cd05)

0.36.1 (2023-07-12)

Bug Fixes

• prevent msal 'BrowserAuthError: interaction_in_progress' exception (#170) (0e91756)

0.36.0 (2023-07-10)

Features

• add msal 'logoutRedirect' upon JWT expiration for AzureAD (#169) (c60a2d4)

0.35.0 (2023-07-09)

Features

• use msal for AzureAD; ServiceWorker intercept; XML response handling in XHR (#168) (2220489)

0.34.1 (2023-06-12)

Bug Fixes

• spaces in service name (#166) (2741ce0)

0.34.0 (2023-06-12)

Features

• status bar chart (xgress bars) (#165) (3300f7b)

0.33.0 (2023-05-30)

Features

• SW bootstrap enhancement (#164) (6948e82)

0.32.0 (2023-05-26)

Features

• support both 'ws' and 'wss' ER bindings (#163) (2bba4d0)

0.31.0 (2023-05-23)

Features

• advanced services support (#161) (bee073f)

0.30.1 (2023-05-19)

Bug Fixes

• correct wb.register sequencing (#160) (d4df2de)

0.30.0 (2023-05-17)

Features

• bump to core v0.21.1 (#159) (91cfbc3)

0.29.0 (2023-05-17)

Features

• add unsupported user-agent alert - fixes #138 (#158) (cd58ece)

0.28.0 (2023-04-10)

Features

• Move OIDC tasks to ZBR (#157) (2c288a2)

0.27.0 (2023-03-27)

Features

• add prerelease publishing job (#156) (4bcf5d3)

0.26.1 (2023-03-13)

Bug Fixes

• Eliminate stray abort() (#154) (a62e8c8)

0.26.0 (2023-03-12)

Features

• listen on HTTP support (#153) (7f0f63c)

0.25.0 (2023-01-23)

Features

• phase-1 https service support (#147) (6c4d2ac)

0.24.1 (2022-11-29)

Bug Fixes

• improve relative URL handling (#134) (37f06ed)

0.24.0 (2022-11-27)

Features

• use 'memoization' for some frequently-used expensive (core) funcs (#130) (1ac67a4)

0.23.1 (2022-11-21)

Bug Fixes

• host the 'toast' locally, not in CDN (#129) (b586c9f)

0.23.0 (2022-11-18)

Features

• support for Jenkins, Jellyfin (#128) (1c6d12d)

0.22.0 (2022-11-03)

Features

• hard refresh recovery (#125) (568a553)

0.21.7 (2022-10-31)

Bug Fixes

• bump to core 0.16.12 (#123) (e849337)

0.21.6 (2022-10-24)

Bug Fixes

• be less aggressive with 'no channel' reboot (#121) (49f8739)

0.21.5 (2022-10-19)

Bug Fixes

• channel/ws close handling (#118) (99b5b94)

0.21.4 (2022-09-13)

Bug Fixes

• don't hang if some wsER's are offline (#108) (58144a6)

0.21.3 (2022-09-09)

Bug Fixes

• correct click handling depth (#107) (994d055)

0.21.2 (2022-09-07)

Bug Fixes

• correct attachment downloads in Mattermost (#106) (47d3f5e)

0.21.1 (2022-09-06)

Bug Fixes

• add missing file (#105) (85d6fd3)

0.21.0 (2022-09-06)

Features

• client-side logLevel control (#104) (59f6e60)

0.20.0 (2022-08-31)

Features

• hotKey modal support (#100) (71ac5e5)

0.19.0 (2022-08-30)

Features

• hotKey config (#99) (7e84ad7)

0.18.0 (2022-08-30)

Features

• browZerSession support (#98) (534ce49)

0.17.4 (2022-08-23)

Bug Fixes

• correct ZBR toast handling in Apache Guacamole webapp (#97) (1522a77)

0.17.3 (2022-08-23)

Bug Fixes

• correct libsodium e2e encryption regression (#96) (37741f2)

0.17.2 (2022-08-19)

Bug Fixes

• initiate a full reload after the network comes back online (#94) (939e01a)

0.17.1 (2022-08-19)

Bug Fixes

• correct handling of HTTP requests w/relative URLs (#93) (f8d20a1)

0.17.0 (2022-08-17)

Features

• ensure SW controls page before attempting to send config (#92) (ed1b9dc)

0.16.1 (2022-08-16)

Bug Fixes

• return controller version (#91) (196d89a)

0.16.0 (2022-08-11)

Features

• initiate proper ZBR bootstrapping by SW (#90) (0ce909d)

0.15.0 (2022-08-09)

Features

• specify SW version when registering (#89) (cebe98a)

0.14.2 (2022-08-08)

Bug Fixes

• correct 401's on img loads following SW reactivation (#88) (4303e65)

0.14.1 (2022-08-05)

Bug Fixes

• correct unneeded unregister/reloads (#87) (8d4a884)

0.14.0 (2022-08-05)

Features

• add SW reload event mechanism (#86) (5a69d98)

0.13.0 (2022-08-04)

Features

• add 'toast' mechanism (#85) (879c7c8)

0.12.0 (2022-08-03)

Features

• no limits on simultaneous requests (#84) (4baf69e)

0.11.12 (2022-08-02)

Bug Fixes

• semver (#83) (2e07092)

0.11.10 (2022-07-27)

Bug Fixes

• remove extraneous dot in URL transform (#79) (296f945)

0.11.9 (2022-07-25)

Bug Fixes

• correct dbl slash that caused inappropriate 301's (#78) (12b2a52)

0.11.8 (2022-07-25)

Bug Fixes

• correct missing Buffer reference (#77) (eec1633)

0.11.7 (2022-07-24)

Bug Fixes

• JWT expiration improvements (#76) (bfb4bda)

0.11.6 (2022-07-21)

Bug Fixes

• typo (#75) (50f69ee)

0.11.5 (2022-07-21)

Bug Fixes

• Need for Speed: make EC keys the default (#74) (ced0f58)

0.11.4 (2022-07-20)

Bug Fixes

• getMatchConfigInterceptV1 false positives (#73) (b0d9ebf)

0.11.3 (2022-07-19)

Bug Fixes

• Pause for session cert sync to ER (#72) (259b124)

0.11.2 (2022-07-19)

Bug Fixes

• Pause for session cert sync to ER (#71) (885a3a1)

0.11.1 (2022-07-19)

Bug Fixes

• OWASP JuiceShop fixes (#70) (5a7b6c8)

0.11.0 (2022-07-16)

Bug Fixes

• semver (#65) (3b754e6)

Features

• Optional WASM Load (#64) (f2b4a58)
• Zitified ZAC enablement (#63) (01434ac)

0.8.1 (2022-06-21)

Bug Fixes

• use httpAgent.target.service (#57) (2850bf6)

0.8.0 (2022-06-01)

Features

• TLS via WASM (#49) (40ac49c)

0.7.0 (2022-05-02)

Features

• add IdP access_token handling (#32) (f048357)

0.6.0 (2022-04-20)

Features

• intercepts (#24) (1e27ae8)

0.5.0 (2022-04-12)

Features

• phase5 (#20) (9691b2f)

0.4.0 (2022-04-06)

Features

• phase4 (#14) (6bbc358)

0.3.0 (2022-04-04)

Features

• phase3 (#12) (9ec26f7)

0.2.0 (2022-03-31)

Features

• phase2 (#9) (348af3c)