New property ServerController.CookieOptions.RunCookieCheck (default True). When set and the application requires cookies, IW will emit code to detect browser’s cookie support (i.e. if cookies are enabled). If cookies are disabled, a message will be displayed and the application loading will abort. The default message can be configured via RSCookieCheckMessage variable in IWResourceStrings.pas.
Bug fixes
THttpRequest.HasField() must also check query fields
In TIWHTTPClient class, use Content-Type as provided in CustomHeaders, if present
Modified
LogSessionEvents property moved to ServerController.SessionOptions.LogSessionEvents.
LogSessionEvents property now allows finer granularity of events that are logged (etCreate, etDestroy, etRequest)
IW will block the creation of a new session (responding with 404 status code) when it receives an XMLHttpRequests other than the ones originated from IntraWeb’s own JavaScript.
Extension “.alfa” included in ServerController’s BlockedDocExtensions property. This blocks some common scripts used in exploit attacks.