Hello community,
here is the log from the commit of package python-django-cors-headers for
openSUSE:Factory checked in at 2019-10-08 19:57:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-django-cors-headers (Old)
and /work/SRC/openSUSE:Factory/.python-django-cors-headers.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-django-cors-headers"
Tue Oct 8 19:57:47 2019 rev:4 rq:735847 version:3.1.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-django-cors-headers/python-django-cors-headers.changes
2019-09-17 13:39:06.593826589 +0200
+++
/work/SRC/openSUSE:Factory/.python-django-cors-headers.new.2352/python-django-cors-headers.changes
2019-10-08 19:57:49.676215885 +0200
@@ -1,0 +2,7 @@
+Mon Oct 7 13:06:59 UTC 2019 - Tomáš Chvátal <[email protected]>
+
+- Update to 3.1.1:
+ * Support the value file:// for origins, which is accidentally
+ sent by some versions of Chrome on Android.
+
+-------------------------------------------------------------------
Old:
----
django-cors-headers-3.1.0.tar.gz
New:
----
django-cors-headers-3.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-django-cors-headers.spec ++++++
--- /var/tmp/diff_new_pack.v7a7UC/_old 2019-10-08 19:57:50.316213968 +0200
+++ /var/tmp/diff_new_pack.v7a7UC/_new 2019-10-08 19:57:50.320213956 +0200
@@ -19,11 +19,10 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
Name: python-django-cors-headers
-Version: 3.1.0
+Version: 3.1.1
Release: 0
Summary: A Django App that adds CORS headers to responses
License: MIT
-Group: Development/Languages/Python
URL: https://github.com/adamchainz/django-cors-headers
Source:
https://files.pythonhosted.org/packages/source/d/django-cors-headers/django-cors-headers-%{version}.tar.gz
BuildRequires: %{python_module Django}
@@ -53,7 +52,7 @@
%check
export DJANGO_SETTINGS_MODULE=tests.settings
-%python_exec -m pytest
+%pytest
%files %{python_files}
%license LICENSE
++++++ django-cors-headers-3.1.0.tar.gz -> django-cors-headers-3.1.1.tar.gz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/HISTORY.rst
new/django-cors-headers-3.1.1/HISTORY.rst
--- old/django-cors-headers-3.1.0/HISTORY.rst 2019-08-13 10:11:03.000000000
+0200
+++ new/django-cors-headers-3.1.1/HISTORY.rst 2019-09-30 22:51:22.000000000
+0200
@@ -6,6 +6,12 @@
.. Insert new release notes below this line
+3.1.1 (2019-09-30)
+------------------
+
+* Support the value `file://` for origins, which is accidentally sent by some
+ versions of Chrome on Android.
+
3.1.0 (2019-08-13)
------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/PKG-INFO
new/django-cors-headers-3.1.1/PKG-INFO
--- old/django-cors-headers-3.1.0/PKG-INFO 2019-08-13 10:11:19.000000000
+0200
+++ new/django-cors-headers-3.1.1/PKG-INFO 2019-09-30 22:51:38.000000000
+0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.2
Name: django-cors-headers
-Version: 3.1.0
+Version: 3.1.1
Summary: django-cors-headers is a Django application for handling the server
headers required for Cross-Origin Resource Sharing (CORS).
Home-page: https://github.com/adamchainz/django-cors-headers
Author: Otto Yiu
@@ -43,7 +43,7 @@
Python 3.5-3.7 supported.
- Django 1.11-2.2 suppported.
+ Django 1.11-3.0 suppported.
Setup
-----
@@ -124,11 +124,15 @@
An Origin is defined by
`the CORS RFC Section 3.2
<https://tools.ietf.org/html/rfc6454#section-3.2>`_
- as a URI scheme + hostname + port, or the special value `'null'`.
+ as a URI scheme + hostname + port, or one of the special values
`'null'` or
+ `'file://'`.
Default ports (HTTPS = 443, HTTP = 80) are optional here.
+
The special value `null` is sent by the browser in
- `"privacy-sensitive contexts"
<https://tools.ietf.org/html/rfc6454#section-6>`_,
+ `"privacy-sensitive contexts"
<https://tools.ietf.org/html/rfc6454#section-6>`__,
such as when the client is running from a ``file://`` domain.
+ The special value `file://` is sent accidentally by some versions of
Chrome on
+ Android as per `this bug
<https://bugs.chromium.org/p/chromium/issues/detail?id=991107>`__.
Example:
@@ -396,6 +400,12 @@
.. Insert new release notes below this line
+ 3.1.1 (2019-09-30)
+ ------------------
+
+ * Support the value `file://` for origins, which is accidentally sent
by some
+ versions of Chrome on Android.
+
3.1.0 (2019-08-13)
------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/README.rst
new/django-cors-headers-3.1.1/README.rst
--- old/django-cors-headers-3.1.0/README.rst 2019-08-12 23:37:44.000000000
+0200
+++ new/django-cors-headers-3.1.1/README.rst 2019-09-30 22:50:47.000000000
+0200
@@ -32,7 +32,7 @@
Python 3.5-3.7 supported.
-Django 1.11-2.2 suppported.
+Django 1.11-3.0 suppported.
Setup
-----
@@ -113,11 +113,15 @@
An Origin is defined by
`the CORS RFC Section 3.2 <https://tools.ietf.org/html/rfc6454#section-3.2>`_
-as a URI scheme + hostname + port, or the special value `'null'`.
+as a URI scheme + hostname + port, or one of the special values `'null'` or
+`'file://'`.
Default ports (HTTPS = 443, HTTP = 80) are optional here.
+
The special value `null` is sent by the browser in
-`"privacy-sensitive contexts"
<https://tools.ietf.org/html/rfc6454#section-6>`_,
+`"privacy-sensitive contexts"
<https://tools.ietf.org/html/rfc6454#section-6>`__,
such as when the client is running from a ``file://`` domain.
+The special value `file://` is sent accidentally by some versions of Chrome on
+Android as per `this bug
<https://bugs.chromium.org/p/chromium/issues/detail?id=991107>`__.
Example:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/corsheaders/__init__.py
new/django-cors-headers-3.1.1/corsheaders/__init__.py
--- old/django-cors-headers-3.1.0/corsheaders/__init__.py 2019-08-13
10:11:08.000000000 +0200
+++ new/django-cors-headers-3.1.1/corsheaders/__init__.py 2019-09-30
22:51:12.000000000 +0200
@@ -1,3 +1,3 @@
from corsheaders.checks import check_settings # noqa: F401
-__version__ = "3.1.0"
+__version__ = "3.1.1"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/corsheaders/checks.py
new/django-cors-headers-3.1.1/corsheaders/checks.py
--- old/django-cors-headers-3.1.0/corsheaders/checks.py 2019-06-19
13:16:45.000000000 +0200
+++ new/django-cors-headers-3.1.1/corsheaders/checks.py 2019-09-30
22:50:47.000000000 +0200
@@ -67,8 +67,15 @@
)
)
else:
+ special_origin_values = (
+ # From 'security sensitive' contexts
+ "null",
+ # From files on Chrome on Android
+ # https://bugs.chromium.org/p/chromium/issues/detail?id=991107
+ "file://",
+ )
for origin in conf.CORS_ORIGIN_WHITELIST:
- if origin == "null":
+ if origin in special_origin_values:
continue
parsed = urlparse(origin)
if parsed.scheme == "" or parsed.netloc == "":
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/django-cors-headers-3.1.0/django_cors_headers.egg-info/PKG-INFO
new/django-cors-headers-3.1.1/django_cors_headers.egg-info/PKG-INFO
--- old/django-cors-headers-3.1.0/django_cors_headers.egg-info/PKG-INFO
2019-08-13 10:11:19.000000000 +0200
+++ new/django-cors-headers-3.1.1/django_cors_headers.egg-info/PKG-INFO
2019-09-30 22:51:38.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.2
Name: django-cors-headers
-Version: 3.1.0
+Version: 3.1.1
Summary: django-cors-headers is a Django application for handling the server
headers required for Cross-Origin Resource Sharing (CORS).
Home-page: https://github.com/adamchainz/django-cors-headers
Author: Otto Yiu
@@ -43,7 +43,7 @@
Python 3.5-3.7 supported.
- Django 1.11-2.2 suppported.
+ Django 1.11-3.0 suppported.
Setup
-----
@@ -124,11 +124,15 @@
An Origin is defined by
`the CORS RFC Section 3.2
<https://tools.ietf.org/html/rfc6454#section-3.2>`_
- as a URI scheme + hostname + port, or the special value `'null'`.
+ as a URI scheme + hostname + port, or one of the special values
`'null'` or
+ `'file://'`.
Default ports (HTTPS = 443, HTTP = 80) are optional here.
+
The special value `null` is sent by the browser in
- `"privacy-sensitive contexts"
<https://tools.ietf.org/html/rfc6454#section-6>`_,
+ `"privacy-sensitive contexts"
<https://tools.ietf.org/html/rfc6454#section-6>`__,
such as when the client is running from a ``file://`` domain.
+ The special value `file://` is sent accidentally by some versions of
Chrome on
+ Android as per `this bug
<https://bugs.chromium.org/p/chromium/issues/detail?id=991107>`__.
Example:
@@ -396,6 +400,12 @@
.. Insert new release notes below this line
+ 3.1.1 (2019-09-30)
+ ------------------
+
+ * Support the value `file://` for origins, which is accidentally sent
by some
+ versions of Chrome on Android.
+
3.1.0 (2019-08-13)
------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/tests/test_checks.py
new/django-cors-headers-3.1.1/tests/test_checks.py
--- old/django-cors-headers-3.1.0/tests/test_checks.py 2019-06-19
13:16:45.000000000 +0200
+++ new/django-cors-headers-3.1.1/tests/test_checks.py 2019-09-30
22:50:47.000000000 +0200
@@ -67,7 +67,7 @@
def test_cors_origin_whitelist_non_string(self):
self.check_error_codes(["corsheaders.E006"])
- @override_settings(CORS_ORIGIN_WHITELIST=["http://example.com";, "null"])
+ @override_settings(CORS_ORIGIN_WHITELIST=["http://example.com";, "file://",
"null"])
def test_cors_origin_whitelist_allowed(self):
self.check_error_codes([])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/tests/test_middleware.py
new/django-cors-headers-3.1.1/tests/test_middleware.py
--- old/django-cors-headers-3.1.0/tests/test_middleware.py 2019-08-12
23:37:44.000000000 +0200
+++ new/django-cors-headers-3.1.1/tests/test_middleware.py 2019-09-30
22:50:47.000000000 +0200
@@ -54,6 +54,15 @@
resp = self.client.get("/", HTTP_ORIGIN="null")
assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "null"
+ @override_settings(CORS_ORIGIN_WHITELIST=["http://example.com";, "file://"])
+ def test_file_in_whitelist(self):
+ """
+ 'file://' should be allowed as an origin since Chrome on Android
+ mistakenly sends it
+ """
+ resp = self.client.get("/", HTTP_ORIGIN="file://")
+ assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "file://"
+
@override_settings(
CORS_ORIGIN_ALLOW_ALL=True,
CORS_EXPOSE_HEADERS=["accept", "origin", "content-type"],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-cors-headers-3.1.0/tox.ini
new/django-cors-headers-3.1.1/tox.ini
--- old/django-cors-headers-3.1.0/tox.ini 2019-08-12 09:54:47.000000000
+0200
+++ new/django-cors-headers-3.1.1/tox.ini 2019-09-15 10:26:49.000000000
+0200
@@ -1,6 +1,7 @@
[tox]
envlist =
py{35,36,37}-django{111,20,21,22},
+ py{36,37}-django{30},
py37-codestyle
[testenv]
@@ -31,6 +32,9 @@
[testenv:py36-django22]
deps = -rrequirements/py36-django22.txt
+[testenv:py36-django30]
+deps = -rrequirements/py36-django30.txt
+
[testenv:py37-django111]
deps = -rrequirements/py37-django111.txt
@@ -43,9 +47,11 @@
[testenv:py37-django22]
deps = -rrequirements/py37-django22.txt
+[testenv:py37-django30]
+deps = -rrequirements/py37-django30.txt
+
[testenv:py37-codestyle]
deps = -rrequirements/py37-django22.txt
-skip_install = true
commands =
multilint
twine check .tox/dist/*
