NelmioCorsBundle Versions Save

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application

2.4.0

5 months ago

What's Changed

Added Symfony 7 support (#193)
Dropped Symfony 4 support (#193)
Added bundle config (#184)

Full Changelog: https://github.com/nelmio/NelmioCorsBundle/compare/2.3.1...2.4.0

2.3.1

1 year ago

Allow psr/log ^2 || ^3 by @michalbundyra in https://github.com/nelmio/NelmioCorsBundle/pull/182

Full Changelog: https://github.com/nelmio/NelmioCorsBundle/compare/2.3.0...2.3.1

2.3.0

1 year ago

Downgraded CacheableResponseVaryListener's priority from 0 to -10 to ensure it runs after FrameworkExtraBundle listeners have set their cache headers (#179)
Added optional logging support if you inject a Logger into the CorsListener you can get debug info about the whole CORS decision process (#173)
Added support for setting expose_headers to a wildcard '*' which exposes all headers, this works as long as allow_credentials is not enabled as per the spec (#132)
Added skip_same_as_origin flag (default to true which is the old behavior) to allow opting out of skipping the CORS headers in the response if the Origin matches the application's hostname (#178)
Fixed ProviderMock having an invalid return type (#169)
Dropped support for Symfony 4.3 and 5.0 to 5.3

2.2.0

2 years ago

Added support for Symfony 6

2.1.1

3 years ago

Fixed response for unauthorized headers containing a reflected XSS (https://github.com/nelmio/NelmioCorsBundle/pull/163)

2.1.0

3 years ago

Added Vary: Origin header to cacheable responses to make sure proxies cache them correctly

2.0.1

4 years ago

Reverted CorsListener priority change as it was interfering with normal operations. The priority is back at 250.

2.0.0

4 years ago

BC Break: Downgraded CorsListener priority from 250 to 28, this should not affect anyone but could be a source in case of strange bugs
BC Break: Removed support for Symfony <4.3
BC Break: Removed support for PHP <7.1
Added support for Symfony 5
Added support for configuration via env vars
Changed the code to avoid mutating the EventDispatcher at runtime
Changed the code to avoid returning Access-Control-Allow-Origin: null headers to mark blocked requests

1.5.6

4 years ago

Fixed preflight request handler hijacking regular non-CORS OPTIONS requests.

1.5.5

5 years ago

Compatibility with Symfony 4.1
Fixed preflight responses to always include Origin in the Vary HTTP header