v3.0.3

Released to keep tag integrity, equivalent to v3.0.0
Earlier releases pulled

• BREAKING CHANGES / Fixes
  • Remove allow-credentials when set to false (thanks @AntoineAugusti)
  • Don't halt non-CORS OPTIONS requests

v2.0.3

• Fixes
  • Use recent versions of Elixir and Erlang for testing (thanks @anthonator)
  • Fix compilation warnings (thanks @thiamsantos)

v2.0.2

• Fixes
  • Fixes an issue where the plug would error when no CORS header was set
    (thanks @alexeyds)

v2.0.1

• Enhancements
  • Passing a function with arity 2 as origin will pass the conn to the
    function, allowing configuration based on conn (thanks @billionlaughs).
  • You can now pass regexes as part of the list of origins (thanks @gabrielpra1).
• Fixes
  • Fixes an issue where the request was missing the
    access-control-request-headers (thanks @zhhz for the initial report and
    @mfeckie for the fix).

v2.0.0

• Enhancements
  • Instead of sending "null" we don't set the headers at all if the origin doesn't match, as suggested by the CORS draft 7.2. Thanks to @YuLeven for initiating the discussion and @slashmili for fixing it. Since we change the return values I consider this a breaking change and released a new major version.
  • You can now set the option send_preflight_response? to false (it's true by default) to stop CorsPlug sending a response to the frelight request. That way the correct headers are set but it's up to you to respond to the request downstream.

v1.5.2

v.1.5.2

• Fixes
  • Relax version requirements

1.5.1

• Fixes
  • Send proper return value if Access-Control-Request-Headers is not present.
    (thanks @shivamMg)

1.5.0

• Enhancements
  • Allow configuration of origin via function (thanks @mauricioszabo).

1.3.0

• Enhancements
  • Allows configuration via app config (see README.md, thanks @TokiTori).

v1.1.1

• Fixes
  • Return "null" instead of null when no origin matches.

Many thanks to @somlor for the fix!