Sleep SafeRelease Notes


  • New: Added override hook to SleepSafeMiddleware to optionally exempt HTTP requests from being guarded.
  • New: CsrfTokenGuard.validateToken() to manually validate a CSRF token.
  • New: CSRF token timestamp is placed in HttpRequest.stash["afSleepSafe.csrf.tokenTs"] upon verification.
  • Chg: SameOriginGuard is disabled by default as the preferred Referrer-Policy header may interfer with it.
  • Chg: CSP report function now also prints out the User-Agent header.


  • New: Initial release.