repos
/
website
1
Fork 0
Code Issues 1 Pull Requests 26 Activity

Update dependency django-cors-headers to v4 - autoclosed #33

Closed
renovate wants to merge 1 commits from renovate/django-cors-headers-4.x into master
pull from: renovate/django-cors-headers-4.x
merge into: repos:master
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate commented 2023-05-12 12:00:48 +01:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
django-cors-headers (changelog) major ==3.14.0 -> ==4.0.0

Release Notes

adamchainz/django-cors-headers

v4.0.0

Compare Source

  • Add CORS_ALLOW_PRIVATE_NETWORK_ACCESS setting, which enables support for the Local Network Access draft specification.

    Thanks to Issac Kelly in PR #&#8203;745 <https://github.com/adamchainz/django-cors-headers/pull/745>__ and jjurgens0 in PR #&#8203;833 <https://github.com/adamchainz/django-cors-headers/pull/833>__.

  • Remove three headers from the default "accept list": accept-encoding, dnt, and origin.
    These are Forbidden header names <https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name>__, which means requests JavaScript can never set them.
    Consequently, allowing them via CORS has no effect.

    Thanks to jub0bs for the report in Issue #&#8203;842 <https://github.com/adamchainz/django-cors-headers/issues/842>__.

  • Drop the CORS_REPLACE_HTTPS_REFERER setting and CorsPostCsrfMiddleware.
    Since Django 1.9, the CSRF_TRUSTED_ORIGINS setting has been the preferred solution to making CSRF checks pass for CORS requests.
    The removed setting and middleware only existed as a workaround for Django versions before 1.9.

  • Add async support to the middleware, reducing overhead on async views.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [django-cors-headers](https://github.com/adamchainz/django-cors-headers) ([changelog](https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst)) | major | `==3.14.0` -> `==4.0.0` | --- ### Release Notes <details> <summary>adamchainz/django-cors-headers</summary> ### [`v4.0.0`](https://github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#&#8203;400-2023-05-12) [Compare Source](https://github.com/adamchainz/django-cors-headers/compare/3.14.0...4.0.0) - Add `CORS_ALLOW_PRIVATE_NETWORK_ACCESS` setting, which enables support for the Local Network Access draft specification. Thanks to Issac Kelly in `PR #&#8203;745 <https://github.com/adamchainz/django-cors-headers/pull/745>`\__ and jjurgens0 in `PR #&#8203;833 <https://github.com/adamchainz/django-cors-headers/pull/833>`\__. - Remove three headers from the default "accept list": `accept-encoding`, `dnt`, and `origin`. These are `Forbidden header names <https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name>`\__, which means requests JavaScript can never set them. Consequently, allowing them via CORS has no effect. Thanks to jub0bs for the report in `Issue #&#8203;842 <https://github.com/adamchainz/django-cors-headers/issues/842>`\__. - Drop the `CORS_REPLACE_HTTPS_REFERER` setting and `CorsPostCsrfMiddleware`. Since Django 1.9, the `CSRF_TRUSTED_ORIGINS` setting has been the preferred solution to making CSRF checks pass for CORS requests. The removed setting and middleware only existed as a workaround for Django versions before 1.9. - Add async support to the middleware, reducing overhead on async views. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS43NC4wIiwidXBkYXRlZEluVmVyIjoiMzUuNzQuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
renovate added 1 commit 2023-05-12 12:00:49 +01:00
renovate changed title from Update dependency django-cors-headers to v4 to Update dependency django-cors-headers to v4 - autoclosed 2023-06-02 16:00:50 +01:00
renovate closed this pull request 2023-06-02 16:00:50 +01:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: repos/website#33
No description provided.
Delete Branch "renovate/django-cors-headers-4.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?