Skip to content

Release 3.0.9

Compare
Choose a tag to compare
@corydolphin corydolphin released this 30 Aug 21:47
· 20 commits to master since this release
91babb9

Security

  • Escape path before evaluating resource rules (thanks @praetorian-colby-morgan). Prior to this, flask-cors incorrectly
    evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
    "/api/*" whereas the path actually expands simply to "/foo.txt"