0.2.1

• Fix bug #8. Accept empty list as value for Access-Control-Request-Headers.

0.2

This version may break existing code by changing the type of CorsResourcePolicy.

This version changes the behavior of simpleCorsResourcePolicy: Before it was a failure when the request didn't contain an @Origin@ header. With this version the request is passed unchanged to the application. If an failure occurs during CORS processing the response has HTTP status 400 (bad request) and contains a short error messages. This behavior can be changed with the new settings corsRequireOrigin and corsIgnorefailure.

• Remove setting corsVerboseResponse from CorsResourcePolicy.

• Add new settings corsRequireOrigin and corsIgnoreFailure to CorsResourcePolicy.

0.1.4

• Support wai-3

0.1.3

• Improved documentation

0.1.2

• Export type synonym Origin

• New easy-to-use middleware function simpleCors that supports just simple cross-origin requests

• The new value simpleCorseResourcePolicy is a CorseResourcePolicy for simple cross-origin requests.

• Documentation has been slightly improved

• Some code for testing simpleCors from a browser

0.1.1

• Drop redundant dependencies on lens and ghc-prim

• Fix typo in HTTP header field name Access-Control-Allow-Credentials

0.1.0

• Initial version