adamchainz/django-cors-headers (django-cors-headers)
### [`v4.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#440-2024-06-19)
[Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.1...4.4.0)
- Support Django 5.1.
### [`v4.3.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#431-2023-11-14)
[Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.0...4.3.1)
- Fixed ASGI compatibility on Python 3.12.
Thanks to Adrian Capitanu for the report in `Issue #908 `\__ and Rooyal in `PR #911 `\__.
### [`v4.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#430-2023-10-11)
[Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.2.0...4.3.0)
- Avoid adding the `access-control-allow-credentials` header to unallowed responses.
Thanks to Adam Romanek in `PR #888 `\__.
- Support Django 5.0.
### [`v4.2.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#420-2023-07-10)
[Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.1.0...4.2.0)
- Drop Python 3.7 support.
### [`v4.1.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#410-2023-06-14)
[Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.0.0...4.1.0)
- Support Python 3.12.
### [`v4.0.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#400-2023-05-12)
[Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.14.0...4.0.0)
- Add `CORS_ALLOW_PRIVATE_NETWORK` setting, which enables support for the Local Network Access draft specification.
Thanks to Issac Kelly in `PR #745 `\__ and jjurgens0 in `PR #833 `\__.
- Remove three headers from the default "accept list": `accept-encoding`, `dnt`, and `origin`.
These are `Forbidden header names `\__, which means requests JavaScript can never set them.
Consequently, allowing them via CORS has no effect.
Thanks to jub0bs for the report in `Issue #842 `\__.
- Drop the `CORS_REPLACE_HTTPS_REFERER` setting and `CorsPostCsrfMiddleware`.
Since Django 1.9, the `CSRF_TRUSTED_ORIGINS` setting has been the preferred solution to making CSRF checks pass for CORS requests.
The removed setting and middleware only existed as a workaround for Django versions before 1.9.
- Add async support to the middleware, reducing overhead on async views.
Configuration
📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
^3.11.0
->^4.0.0
Release Notes
adamchainz/django-cors-headers (django-cors-headers)
### [`v4.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#440-2024-06-19) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.1...4.4.0) - Support Django 5.1. ### [`v4.3.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#431-2023-11-14) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.0...4.3.1) - Fixed ASGI compatibility on Python 3.12. Thanks to Adrian Capitanu for the report in `Issue #908Configuration
📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.