Datasette-auth-existing-cookies

- New `trust_x_forwarded_proto` configuration setting to fix issues with the incorrect `?next=` URL being generated when running behind a proxy that adds `https://`. #8
- The `api_url` used to check the user's identity can now also perform permission checks, returning `{"forbidden": "Reason string here"}` if the authenticated user should not be allowed access to the Datasette instance specified by the `?host=` parameter. 9 - documentation here: https://github.com/simonw/datasette-auth-existing-cookies/blob/master/README.md#permissions

Fixed error caused by `host=` URL construction.

The API URL is now called with a `?host=blah.example.com` argument, allowing the underlying API to make permission decisions based on the host.

First non-beta release.

- Cookie signing secret can now be set using `metadata.json`, or will be automatically generated on first run
- Optional `next_secret` secret can be used to sign the `?next_sig=` parameter when redirecting to the login page

- Renamed from datasette-auth-cookies-api