3.2.0:
Converted setuptools metadata to configuration file. This meant removing the __version__ attribute from the package. If you want to inspect the installed version, use importlib.metadata.version("django-cors-headers") (docs / backport).
Support Python 3.8.
3.1.1:
Support the value file:// for origins, which is accidentally sent by some versions of Chrome on Android.
3.1.0:
Drop Python 2 support; only Python 3.5-3.7 is supported now.
Fix all links for move from github.com/ottoyiu/django-cors-headers to github.com/adamchainz/django-cors-headers.
3.0.1:
Allow 'null' in CORS_ORIGIN_WHITELIST check.
3.0.0:
CORS_ORIGIN_WHITELIST now requires URI schemes, and optionally ports. This is part of the CORS specification (Section 3.2) that was not implemented in this library, except through the CORS_ORIGIN_REGEX_WHITELIST setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure http:// Origins to a secure https:// site.
You will need to update your whitelist to include schemes, for example from this:
CORS_ORIGIN_WHITELIST = ['example.com']
...to this:
CORS_ORIGIN_WHITELIST = ['https://example.com']
Removed the CORS_MODEL setting, and associated class. It seems that very few users, or none, were using it, since there have been no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you are using this functionality, you can continue by changing your model to not inherit from the abstract one, and adding a signal handler for check_request_enabled that reads from your model. Note you'll need to handle the move to include schemes for Origins.
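To help with the 3.0.0 whitelist migration described above, here is an added example (not code from django-cors-headers) that audits a CORS_ORIGIN_WHITELIST for entries that can never match a browser Origin header, and shows the cross-scheme case the change closes. The function names, the sample lists and the plain exact-match comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Special values the changelog says are accepted (3.0.1 and 3.1.1).
SPECIAL_ORIGINS = {"null", "file://"}


def audit_whitelist(origins):
    """Return (entry, problem) pairs for entries that cannot match an Origin header."""
    problems = []
    for entry in origins:
        if entry in SPECIAL_ORIGINS:
            continue
        parts = urlsplit(entry)
        # A bare host such as 'example.com' parses with no network location.
        if not parts.scheme or not parts.netloc:
            problems.append((entry, "missing scheme or host"))
        # Browsers send scheme://host[:port] only, so a trailing '/' never matches.
        elif parts.path or parts.query or parts.fragment:
            problems.append((entry, "has path, query or fragment"))
    return problems


def origin_allowed(origin, whitelist):
    """Simplified check (assumption): exact match on the origin, scheme included."""
    return origin in whitelist


# Constructed sample settings, not taken from a real project.
OLD_STYLE = ["example.com", "api.example.com:8443"]
NEW_STYLE = ["https://example.com", "https://api.example.com:8443", "null"]

if __name__ == "__main__":
    for entry, problem in audit_whitelist(OLD_STYLE + NEW_STYLE + ["https://example.com/"]):
        print(f"{entry!r}: {problem}")
    # The cross-scheme case from the 3.0.0 entry: same host, different scheme.
    print(origin_allowed("http://example.com", NEW_STYLE))   # False
    print(origin_allowed("https://example.com", NEW_STYLE))  # True
```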
2.4.0:
Always add 'Origin' to the 'Vary' header for responses to enabled URLs, to prevent caching of responses intended for one origin being served for another.
2.3.0:
Match CORS_URLS_REGEX to request.path_info instead of request.path, so the patterns can work without knowing the site's path prefix at configuration time.
2.2.0:
Django 2.0 compatibility. Again there were no changes to the actual library code, so previous versions probably work.
Ensured that request._cors_enabled is always a bool() - previously it could be set to a regex match object.
django-cors-headers is a Django App that adds CORS (Cross-Origin Resource
Sharing) headers to responses.
Although JSON-P is useful, it is strictly limited to GET requests. CORS builds
on top of XMLHttpRequest to allow developers to make cross-domain requests,
similar to same-domain requests.