- Remove support for
wai<3and older versions of GHC from the code base. - Fix a documentation bug #23.
-
Removed ghc-7.6.3 and versions of wai<3.0 from the CI test matrix. These versions are still supported in the code but cabal may need some manual help to resolve dependencies.
-
Fixes and improvements to the documentation. Thanks to Frederik Hanghøj Iversen, Alex Collins, and Maximilian Tagher.
-
Support GHC-8.0.1.
-
Removed dependencies on parsers package.
- Fix bug #1.
Response header
Vary: Originis now included whencorsVaryOriginisTrueandcorsOriginsdoes not equalNothing.
-
Added a test-suite to the package that uses PhantomJS to simulate a browser client.
-
Pass on websocket requests unchanged to the application. Add documentation that reminds the application author to check the
Originheader for websocket requests. -
Move development source repository from https://github.com/alephcloud/wai-cors to https://github.com/larskuhtz/wai-cors.
-
Support GHC-7.10/base-4.8 without compiler warnings.
-
Drop dependency on errors package.
- Fix bug #8.
Accept empty list as value for
Access-Control-Request-Headers.
This version may break existing code by changing the type of
CorsResourcePolicy.
This version changes the behavior of simpleCorsResourcePolicy: Before
it was a failure when the request didn't contain an @Origin@ header.
With this version the request is passed unchanged to the application.
If an failure occurs during CORS processing the response has HTTP status
400 (bad request) and contains a short error messages. This behavior
can be changed with the new settings corsRequireOrigin and
corsIgnorefailure.
-
Remove setting
corsVerboseResponsefromCorsResourcePolicy. -
Add new settings
corsRequireOriginandcorsIgnoreFailuretoCorsResourcePolicy.
- Support wai-3
- Improved documentation
-
Export type synonym
Origin -
New easy-to-use middleware function
simpleCorsthat supports just simple cross-origin requests -
The new value
simpleCorseResourcePolicyis aCorseResourcePolicyfor simple cross-origin requests. -
Documentation has been slightly improved
-
Some code for testing
simpleCorsfrom a browser
-
Drop redundant dependencies on lens and ghc-prim
-
Fix typo in HTTP header field name
Access-Control-Allow-Credentials
- Initial version