Releases: corydolphin/flask-cors
Releases · corydolphin/flask-cors
Release 4.0.0
What's Changed
- Remove support for Python versions older than 3.8 by @WAKayser in #330
- Add GHA tooling by @corydolphin in #331
New Contributors
Full Changelog: 3.1.01...v4.0.0
Contributors
corydolphin and WAKayser
Assets 2
3.1.01
What's Changed
- Include examples to specify that schema and port must be included in … by @YPCrumble in #294
- two small changes to the documentation, based on issue #290 by @bbbart in #291
- Fix typo by @sunarch in #304
- FIX: typo in CSRF by @sattamjh in #315
- Test against recent Python versions by @pylipp in #314
- Correct spelling mistakes by @EdwardBetts in #311
- 'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in #318
- docs: Fix a few typos by @timgates42 in #323
- [Docs] Fix typo in configuration documentation by @sachit-shroff in #316
- Release Version 3.1.01 by @corydolphin in #329
New Contributors
- @YPCrumble made their first contribution in #294
- @sunarch made their first contribution in #304
- @sattamjh made their first contribution in #315
- @pylipp made their first contribution in #314
- @EdwardBetts made their first contribution in #311
- @chelo-kjml made their first contribution in #318
- @sachit-shroff made their first contribution in #316
Full Changelog: 3.0.10...3.1.01
Contributors
EdwardBetts, corydolphin, and 8 other contributors
Assets 2
Release 3.0.10
- Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370
- Fixes warnings for invalid escape sequences Thanks @tirkarthi
Release 3.0.9
Security
- Escape path before evaluating resource rules (thanks @praetorian-colby-morgan). Prior to this, flask-cors incorrectly
evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
"/api/*" whereas the path actually expands simply to "/foo.txt"
Release 3.0.8
Fixes DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
Thank you @juanmaneo and @jdevera!
Release 3.0.7
Updated logging.warn to logging.warning (#234) Thanks Vaibhav
Release 3.0.6
Manual error in release process. Identical contents at 3.0.5.
Release 3.0.5
Fixes incorrect handling of regexes containg '[', and a few other special characters. https://github.com//issues/212
Release 3.0.4
Handle response.headers being None. (Fixes issue #217) Thanks @dusktreader for the improvement!
Release 3.0.3
Ensure that an Origin of '*' is never sent if supports_credentials is True (fixes Issue #202)
- If
always_send=True, and'*'is in the allowed origins, and a request is made without an Origin header, noAccess-Control-Allow-Originsheader will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.