init
This commit is contained in:
Marek
110
backend/vendor/nelmio/cors-bundle/CHANGELOG.md
vendored
Normal file
110
backend/vendor/nelmio/cors-bundle/CHANGELOG.md
vendored
Normal file
@@ -0,0 +1,110 @@
|
||||
Newer changelog entries can be found in the [GitHub Releases](https://github.com/nelmio/NelmioCorsBundle/releases)
|
||||
|
||||
### 2.3.0 (2023-02-15)
|
||||
|
||||
* Downgraded `CacheableResponseVaryListener`'s priority from 0 to -10 to ensure it runs after FrameworkExtraBundle listeners have set their cache headers (#179)
|
||||
* Added optional logging support if you inject a Logger into the CorsListener you can get debug info about the whole CORS decision process (#173)
|
||||
* Added support for setting `expose_headers` to a wildcard `'*'` which exposes all headers, this works as long as allow_credentials is not enabled as per the spec (#132)
|
||||
* Added `skip_same_as_origin` flag (default to true which is the old behavior) to allow opting out of skipping the CORS headers in the response if the Origin matches the application's hostname (#178)
|
||||
* Fixed ProviderMock having an invalid return type (#169)
|
||||
* Dropped support for Symfony 4.3 and 5.0 to 5.3
|
||||
|
||||
### 2.2.0 (2021-12-01)
|
||||
|
||||
* Added support for Symfony 6
|
||||
|
||||
### 2.1.1 (2021-04-20)
|
||||
|
||||
* Fixed response for unauthorized headers containing a reflected XSS (https://github.com/nelmio/NelmioCorsBundle/pull/163)
|
||||
|
||||
### 2.1.0 (2020-07-22)
|
||||
|
||||
* Added `Vary: Origin` header to cacheable responses to make sure proxies cache them correctly
|
||||
|
||||
### 2.0.1 (2019-11-15)
|
||||
|
||||
* Reverted CorsListener priority change as it was interfering with normal operations. The priority is back at 250.
|
||||
|
||||
### 2.0.0 (2019-11-12)
|
||||
|
||||
* BC Break: Downgraded CorsListener priority from 250 to 28, this should not affect anyone but could be a source in case of strange bugs
|
||||
* BC Break: Removed support for Symfony <4.3
|
||||
* BC Break: Removed support for PHP <7.1
|
||||
* Added support for Symfony 5
|
||||
* Added support for configuration via env vars
|
||||
* Changed the code to avoid mutating the EventDispatcher at runtime
|
||||
* Changed the code to avoid returning `Access-Control-Allow-Origin: null` headers to mark blocked requests
|
||||
|
||||
### 1.5.6 (2019-06-17)
|
||||
|
||||
* Fixed preflight request handler hijacking regular non-CORS OPTIONS requests.
|
||||
|
||||
### 1.5.5 (2019-02-27)
|
||||
|
||||
* Compatibility with Symfony 4.1
|
||||
* Fixed preflight responses to always include `Origin` in the `Vary` HTTP header
|
||||
|
||||
### 1.5.4 (2017-12-11)
|
||||
|
||||
* Compatibility with Symfony 4
|
||||
|
||||
### 1.5.3 (2017-04-24)
|
||||
|
||||
* Fixed regression in 1.5.2
|
||||
|
||||
### 1.5.2 (2017-04-21)
|
||||
|
||||
* Fixed bundle initialization in case paths is empty
|
||||
|
||||
### 1.5.1 (2017-01-22)
|
||||
|
||||
* Fixed `forced_allow_origin_value` to always set the header regardless of CORS, so that requests can properly be cached even if they are not always accessed via CORS
|
||||
|
||||
### 1.5.0 (2016-12-30)
|
||||
|
||||
* Added an `forced_allow_origin_value` option to force the value that is returned, in case you cache responses and can not have the allowed origin automatically set to the Origin header
|
||||
* Fixed `Access-Control-Allow-Headers` being sent even when it was empty
|
||||
* Fixed listener priority down to 250 (This **may be BREAKING** depending on what you do with your own listeners, but should be fine in most cases, just watch out).
|
||||
|
||||
### 1.4.1 (2015-12-09)
|
||||
|
||||
* Fixed requirements to allow Symfony3
|
||||
|
||||
### 1.4.0 (2015-01-13)
|
||||
|
||||
* Added an `origin_regex` option to allow defining origins based on regular expressions
|
||||
|
||||
### 1.3.3 (2014-12-10)
|
||||
|
||||
* Fixed a security regression in 1.3.2 that allowed GET requests to be executed from any domain
|
||||
|
||||
### 1.3.2 (2014-09-18)
|
||||
|
||||
* Removed 403 responses on non-OPTIONS requests that have an invalid origin header
|
||||
|
||||
### 1.3.1 (2014-07-21)
|
||||
|
||||
* Fixed path key normalization to allow dashes in paths
|
||||
* Fixed HTTP method case folding to support clients that send non-uppercased method names
|
||||
|
||||
### 1.3.0 (2014-02-06)
|
||||
|
||||
* Added support for host-based configuration of the bundle
|
||||
|
||||
### 1.2.0 (2013-10-29)
|
||||
|
||||
* Bumped symfony dependency to 2.1.0+
|
||||
* Fixed invalid trigger of the CORS check when the Origin header is present on same-host requests
|
||||
* Fixed fatal error when `allow_methods` was not configured for a given path
|
||||
|
||||
### 1.1.1 (2013-08-14)
|
||||
|
||||
* Fixed issue when `allow_origin` is set to `*` and `allow_credentials` to `true`.
|
||||
|
||||
### 1.1.0 (2013-07-29)
|
||||
|
||||
* Added ability to set a wildcard on accept_headers
|
||||
|
||||
### 1.0.0 (2013-01-07)
|
||||
|
||||
* Initial release
|
||||
Reference in New Issue
Block a user