[DigitalPoint] App for Cloudflare® 1.9.6

IMPORTANT for existing users: New functionality requires 3 additional API permissions in order to use the new functions.

• Account.Account Settings: Read
• Account.Account Settings: Edit
• User.API Token: Read

For whatever reason, Account.Account Settings: Read isn't granted implicitly with Account.Account Settings: Edit.

Not sure why (maybe a current Cloudflare bug?), but the User.API Token: Read permission can't currently be added manually to tokens (initially or after the fact). The only workaround I could figure out is to create a new token via this link: Create new token with pre-filled permissions

At this point, you should have a total of 22 permissions for your API token (if you are going for full functionality).

What's new:

• Added support for Cloudflare web analytics (requires two additional API permissions for your token (Account.Account Settings: Read & Account.Account Settings: Edit), for those upgrading from a previous version)
• Token permissions are automatically checked (requires an additional API permissions for your token (User.API Token: Read), for those upgrading from a previous version)
• Removed option: Speed -> Other -> Signed Exchanges (deprecated as of Oct 20, 2025)
• Removed option: Speed -> Other -> AMP Real URL (deprecated as of Oct 20, 2025)

The newly used User.API Token: Read permission does not allow the actual token to be read for current or any other tokens (it's not a potential security issue). It does a backend check of permissions and lets you see visually if anything is missing (permissions in green are allowed with your token, permissions in grey are not granted).

• Limit preloading to 10 resources
• Timeframe bar for analytics on admin index uses style variables
• Removed option: Speed -> Image Optimization -> Mirage (deprecated as of Sept 15, 2025)

• Updated charting library (Chart.js) to 4.5.0
• Make use of XF\Util\Ip::stringToBinary & XF\Util\Ip::binaryToString if using XenForo >= 2.3
• Firewall option to force registration challenge removed (no longer needed now that Turnstile is supported)
• Removed option to force contact and registration pages to not be an overlay (was used in conjunction with the registration challenge that was removed)
• New option (Preload resources): automatically adds Link header that includes JavaScript and CSS URLs for the page (tells browsers to preload resources used by the page)

Fixes an issue where if you have other addons that extend the XF\Templater class, with an execution order higher than 1000, and you are trying to view IP addresses that were logged without an associated geo-location record for that IP.

• Removed use of is_callable() (PHP 8.2+ compatibility change)
• Added Cloudflare setting: Security -> Bots -> AI Labyrinth

• Fixed issue with geo-location of user IPs in admin area on latest versions of PHP
• Fixed issue with geo-location when users are viewing their own IP addresses

• Get user IP from request class rather than PHP global variable
• Geo-location flags work for article authors
• Don't log geo-location info for sessions if using XenForo < 2.2.8 (required method wasn't introduced until XF 2.2.8)
• Internally simplified how geo-location flag CSS is generated