v2.0.0

Added

• #59 Added support for php 7.1, 7.2 and 7.3 versions

Changed

• #54 [BC Break] Changed \ZfrCors\Mvc\CorsRequestListener event MvcEvent::EVENT_ROUTE priority with has slight chance to cause BC Break.

Deprecated

• Nothing.

Removed

• #59 Removed support for hhvm, php 5.6 and 7.0 versions

Fixed

• #53, #54 Method Routes preflight
• #55 Fixed README.md documentation for route-based configurations
• #56 Fixed issue with zendframework/zend-http v2.8
• #58, #57 The second step of the CORS request need router params

v1.5.0

• You may now configure rules per-route within zend-mvc route configuration. When detected, these will override any rules that were general to the application. See the "Configuring the Module" section of the README for full details.

v1.4.1

• ZfrCors now properly disallows Access-Control-Allow-Origin: * when the credentials flag is true. [#35]
• The CorsRequestListener now no longer raises an exception when triggered during EVENT_FINISH if the Origin header is invalid, and instead just returns early. That condition is already found during pre-flight, which allows ignoring it when returning the response. [#47]

v1.4.0

• ZfrCors will now return a 400 error if an invalid Origin value is sent.

v1.3.1

• Add compatibility with Zend Component Installer

v1.3.0

• Provides compatibility with ZF3 components (especially ServiceManager v3 and EventManager v3) [#37]

v1.2.1

• Ensure that the vary header is set when no origin is set [#31]

v1.2.0

• You can now use the wildcard character for allowing domains. You can now use "https://*.example.com" rather that manually specifying all subdomains.

v1.1.2

• ZfrCors now properly detects a CORS request if the scheme is different.

v1.1.1

• ZfrCors now properly detects a CORS request if the port is different (#19).