From f5c6bc8204c9e2a9fcd20bd984cf713f6798b7c0 Mon Sep 17 00:00:00 2001 From: Alejandro Celaya Date: Wed, 16 Jul 2025 08:37:38 +0200 Subject: [PATCH] Update changelog --- CHANGELOG.md | 1 + module/Core/test/Config/Options/CorsOptionsTest.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7b4c4ba..a22b5be9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this For BC, if this env vars is not present, we'll still consider the integration enabled if the `MERCURE_PUBLIC_HUB_URL` env var has a value. This is considered deprecated though, and next major version will rely only on `MERCURE_ENABLED`, so if you are using Mercure, make sure to set `MERCURE_ENABLED=true` to be ready. * [#2387](https://github.com/shlinkio/shlink/issues/2387) Add `REAL_TIME_UPDATES_TOPICS` env var and corresponding config option, to granularly decide which real-time updates topics should be enabled. +* [#2418](https://github.com/shlinkio/shlink/issues/2418) Add more granular control over how Shlink handles CORS. It is now possible to customize the `Access-Control-Allow-Origin`, `Access-Control-Max-Age` and `Access-Control-Allow-Credentials` headers via env vars or config options. ### Changed * [#2406](https://github.com/shlinkio/shlink/issues/2406) Remove references to bootstrap from error templates, and instead inline the very minimum required styles. diff --git a/module/Core/test/Config/Options/CorsOptionsTest.php b/module/Core/test/Config/Options/CorsOptionsTest.php index cfed36d7..b02799b0 100644 --- a/module/Core/test/Config/Options/CorsOptionsTest.php +++ b/module/Core/test/Config/Options/CorsOptionsTest.php @@ -30,7 +30,7 @@ class CorsOptionsTest extends TestCase $expectedAllowOriginsHeader, $options->responseWithAllowOrigin( ServerRequestFactory::fromGlobals()->withHeader('Origin', 'https://example.com'), - new Response() + new Response(), )->getHeaderLine('Access-Control-Allow-Origin'), ); }