Skip to content

v9.7.0

Compare
Choose a tag to compare
@github-actions github-actions released this 18 Mar 20:34
c1da41d

New Features

🚀 Improvements

🐛 Bug Fixes

🧽 Optimizations

📝 Documentation

⚠️ CORS Warning

The previous defaults were very permissive to make getting started as easy as possible, but leaving the CORS settings this open can be a security issue. The safer default is to have it disabled completely, and allow an explicit opt-in (ideally with exact domains, rather than the match-origin true).

To go back to the way things were before this release, set CORS_ENABLED=true and CORS_ORIGIN=true. That being said, it's highly recommended to use a domain allow-list, like CORS_ORIGIN=https://directus.io.


Directus refs/tags/v9.7.0