- Fixed requirements to allow Symfony3
- Added an
origin_regex
option to allow defining origins based on regular expressions
- Fixed a security regression in 1.3.2 that allowed GET requests to be executed from any domain
- Removed 403 responses on non-OPTIONS requests that have an invalid origin header
- Fixed path key normalization to allow dashes in paths
- Fixed HTTP method case folding to support clients that send non-uppercased method names
- Added support for host-based configuration of the bundle
- Bumped symfony dependency to 2.1.0+
- Fixed invalid trigger of the CORS check when the Origin header is present on same-host requests
- Fixed fatal error when
allow_methods
was not configured for a given path
- Fixed issue when
allow_origin
is set to*
andallow_credentials
totrue
.
- Added ability to set a wildcard on accept_headers
- Initial release