Add feature to allow disabling of my credits as much as credit to be recieved is nice i do understand and realise people do not want to display them on their sites hence why i made it a feature to allow you to remove them easily and swiftly. :)
Add Enable/disable script this feature allows you to turn on or off this script so you can leave this file in your nginx configuration permamently.
This way you don't have to remove `access_by_lua_file anti_ddos_challenge.lua;` to stop protecting your websites :) you can set up your nginx config and use this feature to enable or disable protection.
Remove un-needed Javascript from my development stages where i planned Javascript based header response checks all not needed.
Change Javascript page refresh method from `window.location.reload();` to `location.reload(true);` as the Mozilla docs tell us we should be reloading pages this way. https://developer.mozilla.org/en-US/docs/Web/API/Location/reload
Fix Nginx Lua Bug with ngx.header["Set-Cookie"] function for some reason it only allows one instance of this header to be defined in a script. So to fix the issue I define the header once and only once in the entire script right at the end and set a variable that can be dynamic in setting multiple cookies.
Add cors headers and include XMLHTTPREQUEST with credentials tag and remove domain tag from set-cookie to fix issue with Google Chrome. Still broken in Microsoft Edge !?
Added Feature built in my method to encrypt and obfuscate Javascript outputs. (I am very proud of this!)
Bug fix: incase certain browsers lack in permissions to set cookies with javascript on the initital header request we will give them their cookie they still need javascript enabled to solve the authentication puzzle that will always be mandatory!
Added X-Requested-* headers for the next feature i am building in
Move current time variable out of configuration area.
Create currentdate variable to stop calling os.date() and os.time() multiple un-needed times.
Fix bug now the auth page only shows when the expire_time config value is set and around the time before if you had set a time greater than one day every 24 hours you would recieve the auth page even if your cookies are valid this expire_time checks solves that problem.
Add new security feature to make the cookies we set encrypted, unpredictable, dynamic and unique to each user/client to increase our security from content scrappers bots leechers etc. Where as before they could monitor static cookie names this prevents that.
Add new security feature to make the header we sent our Javascript answer from the browser over unpredictable and dynamic to increase our security from content scrappers bots leechers etc.
Remove Search Engines from the Browsers Javascript Checking (This will allow search engines to crawl still like Google because they can execute Javascript)
Fix expire_time description to show correct default time of 1 day.
Fix cookie bug when Javascript was setting a cookie it was setting a cookie of 'now' instead of the set config of expire_time into the future when the cookie should expire.
Added the challenge cookie to the headers set by grant_access function to update the cookie set by Javascript since the time stamp on the cookie would be out of sync with the other cookies otherwise this was all cookies will be updated and set/kept with the same time stamps.
