Lately, Weavy has focused on improved security and cross-browser support in the client. We added a lot of features to help you detect configuration issues, and several improvements for privacy modes in browsers. We have also updated a lot of code internally to get better mobile support, improved performance and enhanced support in different client environments, such as Dynamics 365.
We added support for Storage Access API, which allows usage of third party cookies in all current browsers, even in privacy or incognito modes, by requesting user permission when needed. This means Weavy can be used in cross domain setups even with strict tracking protection. Chrome is not yet supporting the new API, but when they do we are already prepared. This also means we have full support in Safari. To avoid getting user permission, we still recommend you to set up Weavy as a subdomain to your site to get same-site benefits which removes the need for user permissions.
We added a watchdog that will help you detect issues in cross domain setups. If something is blocked it will give you extended errors in the browser console to help you set up your server configuration properly.
The internal client service for postMessages are now using weavy.cors-origins from the server configuration to secure messaging. It's recommended to set up the cors-origins even if you are using a subdomain same-site setup. The postal service has also been extended with message receipt promises to ensure messages are delivered properly.
Using postal to communicate with an app can now also be done fully secure directly on an app in the client using app.postMessage() or app.on("message", ...) to listen to messages from the app.
