Sleep SafeRelease Notes


  • Chg: Recompiled to use latest BedSheet 1.5.16.


  • New: Explicit handling of dodgy JSON data sent to CSP reporter.
  • Chg: Guards may now return an err Obj, not just a Str.
  • Chg: More explicit err msg (and not an NPE) when csrfToken is not found in a multipart form.
  • Chg: CSRF token timeout err msg shows the correct exceed time.


  • New: Added override hook to SleepSafeMiddleware to optionally exempt HTTP requests from being guarded.
  • New: CsrfTokenGuard.validateToken() to manually validate a CSRF token.
  • New: CSRF token timestamp is placed in HttpRequest.stash["afSleepSafe.csrf.tokenTs"] upon verification.
  • Chg: SameOriginGuard is disabled by default as the preferred Referrer-Policy header may interfer with it.
  • Chg: CSP report function now also prints out the User-Agent header.


  • New: Initial release.