Subject: CVS commit: pkgsrc/www/py-django-cors-headers
From: Adam Ciarcinski
Date: 2019-05-13 17:54:51
Message id: 20190513155451.D81CBFB16@cvs.NetBSD.org

Log Message:
py-django-cors-headers: updated to 3.0.1

3.0.1:

Allow 'null' in CORS_ORIGIN_WHITELIST check.

3.0.0:

CORS_ORIGIN_WHITELIST now requires URI schemes, and optionally ports. This is \ 
part of the CORS specification (Section 3.2) that was not implemented in this \ 
library, except from with the CORS_ORIGIN_REGEX_WHITELIST setting. It fixes a \ 
security issue where the CORS middleware would allow requests between schemes, \ 
for example from insecure http:// Origins to a secure https:// site.

You will need to update your whitelist to include schemes, for example from this:

CORS_ORIGIN_WHITELIST = ['example.com']
...to this:

CORS_ORIGIN_WHITELIST = ['https://example.com']
Removed the CORS_MODEL setting, and associated class. It seems very few, or no \ 
users were using it, since there were no bug reports since its move to abstract \ 
in version 2.0.0 (2017-01-07). If you are using this functionality, you can \ 
continue by changing your model to not inherit from the abstract one, and add a \ 
signal handler for check_request_enabled that reads from your model. Note you'll \ 
need to handle the move to include schemes for Origins.

Files:
RevisionActionfile
1.9modifypkgsrc/www/py-django-cors-headers/Makefile
1.3modifypkgsrc/www/py-django-cors-headers/PLIST
1.9modifypkgsrc/www/py-django-cors-headers/distinfo