View Source Changelog
v3-0-3-2022-03-02
v3.0.3 - 2022-03-02
Released to keep tag integrity, equivalent to v3.0.0
- BREAKING CHANGES / Fixes
- Remove allow-credentials when set to false (thanks @AntoineAugusti)
- Don't halt non-CORS OPTIONS requests
v2-0-3-2021-02-06
v2.0.3 - 2021-02-06
- Fixes
- Use recent versions of Elixir and Erlang for testing (thanks @anthonator)
- Fix compilation warnings (thanks @thiamsantos)
v2-0-2-2020-02-18
v2.0.2 - 2020-02-18
- Fixes
- Fixes an issue where the plug would error when no CORS header was set (thanks @alexeyds)
v2-0-1-2020-01-26
v2.0.1 - 2020-01-26
- Enhancements
- Passing a function with arity 2 as
origin
will pass theconn
to the function, allowing configuration based on conn (thanks @billionlaughs). - You can now pass regexes as part of the list of origins (thanks @gabrielpra1).
- Passing a function with arity 2 as
- Fixes
- Fixes an issue where the request was missing the
access-control-request-headers
(thanks @zhhz for the initial report and @mfeckie for the fix).
- Fixes an issue where the request was missing the
v2-0-0-2018-11-06
v2.0.0 - 2018-11-06
- Enhancements
- Instead of sending
"null"
we don't set the headers at all if the origin doesn't match, as suggested by the CORS draft 7.2. Thanks to @YuLeven for initiating the discussion and @slashmili for fixing it. Since we change the return values I consider this a breaking change and released a new major version. - You can now set the option
send_preflight_response?
tofalse
(it'strue
by default) to stopCorsPlug
sending a response to the preflight request. That way the correct headers are set but it's up to you to respond to the request downstream.
- Instead of sending
v1-5-2-2018-03-19
v1.5.2 - 2018-03-19
- Fixes
- Relax version requirements
v1-5-1-2018-03-14
v1.5.1 - 2018-03-14
- Fixes
- Send proper return value if
Access-Control-Request-Headers
is not present. (thanks @shivamMg)
- Send proper return value if
v1-5-0-2017-12-06
v1.5.0 - 2017-12-06
- Enhancements
- Allow configuration of origin via function (thanks @mauricioszabo).
v1-4-0-2017-01-13
v1.4.0 - 2017-01-13
- Enhancements
- Allows both
*
as well as specific domains in theorigins
config, returns the corresponding value (thanks @mustafaturan)
- Allows both
- Fixes
- Don't overwrite
vary
header values with"Origin"
, instead append it. - Don't set
vary
header to empty string if not needed. - Use
Plug.Conn.merge_resp_headers/2
- Don't overwrite
New major release because of the vary
header changes, I don't expect this
to break anything.
v1-3-0-2017-05-24
v1.3.0 - 2017-05-24
- Enhancements
- Allows configuration via app config (see README.md, thanks @TokiTori).
v1-2-1-2017-02-07
v1.2.1 - 2017-02-07
- Fixes
- Match for exact origin only (thanks @somlor and @JordanAdams).
- Add Vary to response header (thanks @linjunpop).
v1-2-0-2017-02-07
v1.2.0 - 2017-02-07
- Fixes
- Remove cowboy dependency. Plug should be server-agnostic and this plug does not need cowboy. Thanks to @hauleth and @ewitchin for making me aware.
As I changed dependency this is a minor release. I don't anticipate any regressions tho.
v1-1-4-2017-05-24
v1.1.4 - 2017-05-24
- Fixes
- Add method parens to suppress Elixir 1.4.0 warnings (thanks @seivan).
v1-1-3-2016-12-24
v1.1.3 - 2016-12-24
- Enhancements
- Support regex for
origin
(thanks @somlor)
- Support regex for
v1-1-2-2016-05-08
v1.1.2 - 2016-05-08
- Enhancements
- Allow client to set
allow-headers
by sendingrequest-headers
when using a wildcard.
- Allow client to set
This enhancement is brought to you by @arathunku
v1-1-1-2016-03-11
v1.1.1 - 2016-03-11
- Fixes
- Return "null" instead of null when no origin matches.
Many thanks to @somlor for the fix!
v1-1-0-2016-02-10
v1.1.0 - 2016-02-10
- Enhancements
- Allow multiple origins. When configuring you can now pass a list for
origins
(plug: CORSPlug, origin: ~w(example1.com example2.com)
).
- Allow multiple origins. When configuring you can now pass a list for
- Fixes
Access-Control-Expose-Headers
now works
Both of these have been brought to you by @jer-k - many thanks!
v1-0-0-2016-01-22
v1.0.0 - 2016-01-22
- Fixes
- Don't override headers. Earlier headers would've been overriden by the CORS Plug. Amazing that this hasn't popped up before...
As this makes a backward-incompatible change (no longer overriding headers this is a new major).
v0-1-4-2015-09-24
v0.1.4 - 2015-09-24
- Enhancements
- Add
Access-Control-Expose-Headers
(thanks @jaketrent)
- Add
v0-1-3-2015-07-09
v0.1.3 - 2015-07-09
- Enhancements
- Add license
- Improve readme (thanks @leighhalliday, @patricksrobertson)
- Simplify travis.yml (thanks @lowks)
v0-1-2-2015-02-12
v0.1.2 - 2015-02-12
- Release plug dependency