All notable changes to this project will be documented in this file.
- Don't send 'Content-Type' header with pre-flight requests
- Allow ruby array for vary header config
- Automatically allow simple headers when headers are set
- Allow lambda origin configuration
- Don't implicitly accept 'null' origins when 'file://' is specified (cyu#134)
- Ignore '' origins (cyu#139)
- Default credentials option on resources to false (cyu#95)
- Don't allow credentials option to be true if '*' is specified is origin (cyu#142)
- Don't reflect Origin header when '*' is specified as origin (cyu#142)
- Don't respond immediately on non-matching preflight requests instead of sending them through the app (cyu#106)
- Return miss result in X-Rack-CORS instead of incorrectly returning preflight-hit
- Don't set HTTP_ORIGIN with HTTP_X_ORIGIN if nil
- Calculate vary headers for non-CORS resources
- Support custom vary headers for resource
- Support :if option for resource
- Support :any as a possible value for :methods option
- Don't symbolize incoming HTTP request methods
- Changed the env key to rack.cors to avoid Rack::Lint warnings
- Added support for defining a logger with a Proc
- Return a X-Rack-CORS header when in debug mode detailing how Rack::Cors processed a request
- Added support for non HTTP/HTTPS origins when just a domain is specified
- Changed the log level of the fallback logger to DEBUG
- Print warning when attempting to use :any as an allowed method
- Treat incoming
Origin: nullheaders as file://