Changelog of @hackage/wai-cors 0.2.7

0.2.7 (2019-06-06)

  • Remove support for wai<3 and older versions of GHC from the code base.
  • Fix a documentation bug #23.

0.2.6 (2017-12-01)

  • Removed ghc-7.6.3 and versions of wai<3.0 from the CI test matrix. These versions are still supported in the code but cabal may need some manual help to resolve dependencies.

  • Fixes and improvements to the documentation. Thanks to Frederik Hanghøj Iversen, Alex Collins, and Maximilian Tagher.

0.2.5

  • Support GHC-8.0.1.

  • Removed dependencies on parsers package.

0.2.4

  • Fix bug #1. Response header Vary: Origin is now included when corsVaryOrigin is True and corsOrigins does not equal Nothing.

0.2.3

0.2.2

  • Support GHC-7.10/base-4.8 without compiler warnings.

  • Drop dependency on errors package.

0.2.1

  • Fix bug #8. Accept empty list as value for Access-Control-Request-Headers.

0.2

This version may break existing code by changing the type of CorsResourcePolicy.

This version changes the behavior of simpleCorsResourcePolicy: Before it was a failure when the request didn't contain an @Origin@ header. With this version the request is passed unchanged to the application. If an failure occurs during CORS processing the response has HTTP status 400 (bad request) and contains a short error messages. This behavior can be changed with the new settings corsRequireOrigin and corsIgnorefailure.

  • Remove setting corsVerboseResponse from CorsResourcePolicy.

  • Add new settings corsRequireOrigin and corsIgnoreFailure to CorsResourcePolicy.

0.1.4

  • Support wai-3

0.1.3

  • Improved documentation

0.1.2

  • Export type synonym Origin

  • New easy-to-use middleware function simpleCors that supports just simple cross-origin requests

  • The new value simpleCorseResourcePolicy is a CorseResourcePolicy for simple cross-origin requests.

  • Documentation has been slightly improved

  • Some code for testing simpleCors from a browser

0.1.1

  • Drop redundant dependencies on lens and ghc-prim

  • Fix typo in HTTP header field name Access-Control-Allow-Credentials

0.1.0

  • Initial version