Releases · corydolphin/flask-cors

If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

Assets 2

08 Sep 05:56

corydolphin

3.0.2

2779e6a

Release 3.0.2

Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.

Assets 2

31 Aug 21:17

corydolphin

3.0.1

fe7c6d1

Release 3.0.1

Fixes Issue #183: regression whereby regular expressions for origins with an "?" are not properly matched.

Thanks @di for the report!

Assets 2

20 Aug 05:27

corydolphin

3.0.0

c848d9c

Release 3.0.0

This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.

Breaking Change
We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an 'Origin' header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I'll help you work around it. (#156) c7a1ecd

Other improvements:

Adds building of universal wheels (#175) 4674c3d
Makes Flask-CORS compatible with OAuthLib's custom header class ... (#172) aaaf904
Fixes incorrect substring matches when strings are used as origins or headers (#165) 9cd3f29
Fixes logging when unknown options are supplied (#152) bddb13c