[DigitalPoint] App for Cloudflare®

xF2 Add-on [DigitalPoint] App for Cloudflare® 1.8.2

No permission to download
  • Changed wording of "API tokens & keys" to "API tokens" (no longer allowing global keys, only API tokens)
  • Updated charting library (Chart.js) to 4.4.1
  • Created workaround for addons being disabled during XenForo upgrades (we need to set the externalDataUrl so that the %ASSET:stylefolder% replacement var works as expected for R2 users when .less templates are compiled). Effectively we are firing our app_setup code event listener even when all addons are disabled during the upgrade process. See this thread.
  • Presigned URLs forcibly set Content-Type and Content-Disposition HTTP response headers (fixes situation where something like rclone set incorrect content type for the object in the R2 bucket)
  • Cloudflare statistics charts on admin dashboard dynamically resize properly when resizing window
  • Added ability for individual API calls to ignore multiple error codes instead of just one
  • Changed FsMounts::getFsAdapters method name to FsMounts::getDpFsAdapters to avoid naming collision with XFCloud addon (will need to update FileSystem addon as well if you are using it)
  • The API calls necessary to build the Cloudflare settings page are now run in parallel (it's currently 10 API calls that were previously made sequentially). Viewing (and editing) settings is significantly faster now (it's as fast as the single slowest API call, rather than as slow as all 10 API calls added together).
  • Added more sanity checks for unexpected Cloudflare API results
  • Fixed issue where old public domains wouldn't get enabled when setting up R2 bucket for XenForo data (in a situation where it was an already existing bucket that already had public domain(s) assigned)
  • Added link for info about why each Cloudflare token permission is needed
  • Updated deep links into R2 buckets to use new URL endpoint
  • Suppress Cloudflare rate limit error when purging URLs from cache when guest page caching is enabled (a very high traffic site could hit API rate limits if there's a zillion posts flowing in at once)
  • Better handling of situation where Cloudflare API is down/unavailable
  • Cloudflare Workers that are created for the image proxy and unfurl proxy have been rewritten to be ES Modules instead of Service Workers
  • Removed "Security -> Privacy Pass Support" setting (it's been deprecated by Cloudflare and is no longer used)
  • The Cloudflare Fonts option ID has changed. This addresses that (it's what I get for giving the ability to toggle options that Cloudflare has deemed "beta"... they are subject to change).
  • Added a sanity check so if future option IDs change, it won't throw an error (along with not being able to change them). Instead, that option won't change until the ID is updated.
Better handling of unexpected Cloudflare API changes.
  • Added support for new Cloudflare setting: Speed -> Optimization -> Content Optimization -> Cloudflare Fonts
  • When using "Easy config", set "Security level" to "Essentially off" (was set to "Medium" before)
  • Easy config enables Cloudflare Fonts
Augh! the new option group wasn't included in the 1.7.2 build (sorry)...

This fixes that.
  • Can use R2 for storage without site being a domain/zone in Cloudflare
  • Made change to XenForo's attachment data entity to be more efficient (normally XenForo checks if an attachment exists before making an additional call to actually get it). This will reduce an API call for every attachment view because we don't need to check if the attachment exists (we know it does already because we have a record of it in attachment data).
  • Added new option: Use presigned URLs for attachments stored in R2 (allows attachments stored in R2 to be viewed directly by the user, rather than you server needing to download the attachment to pass it through to the user)
The presigned URL thing is particularly interesting... a remote storage system like R2 has your server checking user permissions to see if a user can view something, then it makes an API call to fetch the file/object and then passes that through to the user.

As an example, if you have a 10MB attachment, your server first needs to download 10MB and then it sends that 10MB to the end user (so there's the time it takes to download the attachment from R2 and as well as 20MB total bandwidth happening on your server... 10MB in, then 10MB out). With presigned URLs, your server does the permission check and then if the user has permission to view the attachment, the user is redirected to a unique URL that expires in 60 seconds to fetch the attachment. This means attachments are viewed faster for end-users and your server isn't wasting bandwidth passing it through to the user.

Presigned URLs that expire and can't be changed by users is done with cryptographic signing (hence the name, presigned URLs).
Fix for issue when trying to enable guest page caching (ends up in a loop). Only needed if you don't have guest page caching enabled and you want to enable it.