Update dependency django-cors-headers to v4 - autoclosed #33
Loading…
Reference in New Issue
No description provided.
Delete Branch "renovate/django-cors-headers-4.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
==3.14.0
->==4.0.0
Release Notes
adamchainz/django-cors-headers
v4.0.0
Compare Source
Add
CORS_ALLOW_PRIVATE_NETWORK_ACCESS
setting, which enables support for the Local Network Access draft specification.Thanks to Issac Kelly in
PR #​745 <https://github.com/adamchainz/django-cors-headers/pull/745>
__ and jjurgens0 inPR #​833 <https://github.com/adamchainz/django-cors-headers/pull/833>
__.Remove three headers from the default "accept list":
accept-encoding
,dnt
, andorigin
.These are
Forbidden header names <https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name>
__, which means requests JavaScript can never set them.Consequently, allowing them via CORS has no effect.
Thanks to jub0bs for the report in
Issue #​842 <https://github.com/adamchainz/django-cors-headers/issues/842>
__.Drop the
CORS_REPLACE_HTTPS_REFERER
setting andCorsPostCsrfMiddleware
.Since Django 1.9, the
CSRF_TRUSTED_ORIGINS
setting has been the preferred solution to making CSRF checks pass for CORS requests.The removed setting and middleware only existed as a workaround for Django versions before 1.9.
Add async support to the middleware, reducing overhead on async views.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
Update dependency django-cors-headers to v4to Update dependency django-cors-headers to v4 - autoclosedPull request closed