* Removal of the Redirect header sent by Authelia /api/verify endpoint.
* Authelia does not consume Host header anymore but X-Forwarded-Proto and X-Forwarded-Host
to compute the link sent in identity verification emails.
* Authelia used Host header as the application name for U2F authentication but it's now using
X-Forwarded-* headers.
These are 2 measures for improving security of cookies. One is used to
not send the cookie over HTTP (only HTTPS) and the other tells the browser to
disallow client-side code accessing the cookie.
One can now plug its own SMTP server to send notifications
for identity validation and password reset requests.
Filesystem has been removed from the template configuration file
since even tests now use mail catcher (the fake webmail) to
retrieve the email and the confirmation link.
Clement Michaud
Clement Michaud