Cross Origin Resource Sharing ( CORS ) support for Flask
Fixes incorrect handling of regexes containg '[', and a few other special characters. https://github.com/corydolphin/flask-cors/issues/212
Handle response.headers being None. (Fixes issue #217) Thanks @dusktreader for the improvement!
Ensure that an Origin of '*' is never sent if supports_credentials is True (fixes Issue #202)
always_send=True
, and '*'
is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins
header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.Fixes Issue #187: regression whereby header (and domain) matching was incorrectly case sensitive. Now it is not, making the behavior identical to 2.X and 1.X.
Fixes Issue #183: regression whereby regular expressions for origins with an "?" are not properly matched.
Thanks @di for the report!
This release is largely a number of small bug fixes and improvements, along with a default change in behavior, which is technically a breaking change.
Breaking Change We added an always_send option, enabled by default, which makes Flask-CORS inject headers even if the request did not have an 'Origin' header. Because this makes debugging far easier, and has very little downside, it has also been set as the default, making it technically a breaking change. If this actually broke something for you, please let me know, and I'll help you work around it. (#156) c7a1ecdad375a796155da6aca6a1f750337175f3
Other improvements:
Fixes Vary:Origin header sending behavior when regex origins are used.
Fixes package installation. Requirements.txt was not included in Manifest.
Stop dynamically referecing logger. Disable internal logging by default and reduce logging verbosity
Adds support for Flask Blueprints.
You may now pass a Flask Blueprint to the CORS extension, and it will work as expected.
Thanks @Bob131for the feature request! https://github.com/corydolphin/flask-cors/issues/128