- New `trust_x_forwarded_proto` configuration setting to fix issues with the incorrect `?next=` URL being generated when running behind a proxy that adds `https://`. #8
- The `api_url` used to check the user's identity can now also perform permission checks, returning `{"forbidden": "Reason string here"}` if the authenticated user should not be allowed access to the Datasette instance specified by the `?host=` parameter. 9 - documentation here: https://github.com/simonw/datasette-auth-existing-cookies/blob/master/README.md#permissions