Update changelog

CHANGELOG.md

@@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this
     For BC, if this env vars is not present, we'll still consider the integration enabled if the `MERCURE_PUBLIC_HUB_URL` env var has a value. This is considered deprecated though, and next major version will rely only on `MERCURE_ENABLED`, so if you are using Mercure, make sure to set `MERCURE_ENABLED=true` to be ready.
 
 * [#2387](https://github.com/shlinkio/shlink/issues/2387) Add `REAL_TIME_UPDATES_TOPICS` env var and corresponding config option, to granularly decide which real-time updates topics should be enabled.
+* [#2418](https://github.com/shlinkio/shlink/issues/2418) Add more granular control over how Shlink handles CORS. It is now possible to customize the `Access-Control-Allow-Origin`, `Access-Control-Max-Age` and `Access-Control-Allow-Credentials` headers via env vars or config options.
 
 ### Changed
 * [#2406](https://github.com/shlinkio/shlink/issues/2406) Remove references to bootstrap from error templates, and instead inline the very minimum required styles.

module/Core/test/Config/Options/CorsOptionsTest.php

@@ -30,7 +30,7 @@ class CorsOptionsTest extends TestCase
             $expectedAllowOriginsHeader,
             $options->responseWithAllowOrigin(
                 ServerRequestFactory::fromGlobals()->withHeader('Origin', 'https://example.com'),
-                new Response()
+                new Response(),
             )->getHeaderLine('Access-Control-Allow-Origin'),
         );
     }