.github/workflows/release.yml

@@ -0,0 +1,29 @@
+name: Release to PyPi
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  deploy:
+    name: upload release to PyPI
+    runs-on: ubuntu-latest
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: '3.11'
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build
+      - name: Build package
+        run: python -m build
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

.github/workflows/unittests.yaml

@@ -0,0 +1,29 @@
+name: Python Unittests
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12"]
+        dependencies:
+            - "flask==1.1 Jinja2==3.0.3 itsdangerous==2.0.1 werkzeug==2.0.3"
+            - "flask==2.3.2"
+            - "flask==3.0.1"
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
+      # You can test your matrix by printing the current Python version
+      - name: Install deps
+        run: pip install -U setuptools pep8 coverage docutils pygments packaging pytest pytest-cov ${{ matrix.dependencies }}
+      - name: Run tests
+        run: |
+            coverage erase
+            python setup.py clean build install
+            pytest --cov=flask_cors

.readthedocs.yaml

@@ -0,0 +1,14 @@
+version: 2
+
+build:
+  os: 'ubuntu-22.04'
+  tools:
+    python: '3.12'
+
+sphinx:
+  configuration: 'docs/conf.py'
+  fail_on_warning: false
+
+python:
+  install:
+    - requirements: 'docs/requirements.txt'

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Change Log
 
+## 4.0.1
+### Security
+* Address [CVE-2024-1681](https://github.com/advisories/GHSA-84pr-m4jr-85g5) which is a log injection vulnerability when the log level is set to debug by @aneshujevic in https://github.com/corydolphin/flask-cors/pull/351
+
+## 4.0.0
+* Remove support for Python versions older than 3.8 by @WAKayser in https://github.com/corydolphin/flask-cors/pull/330
+* Add GHA tooling by @corydolphin in https://github.com/corydolphin/flask-cors/pull/331
+
+## 3.1.01
+* Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
+* two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
+* Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
+* FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
+* Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
+* Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
+* 'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
+* docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
+* [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316
+
+
 ## 3.0.10
 Adds support for PPC64 and ARM64 builds for distribution. Thanks @sreekanth370
 
@@ -17,10 +37,10 @@ Thank you @juanmaneo and @jdevera for the contribution.
 Updated logging.warn to logging.warning (#234) Thanks Vaibhav
 
 ## 3.0.6
-Manual error in release process. Identical contents at 3.0.5. 
+Manual error in release process. Identical contents at 3.0.5.
 
 ## 3.0.5
-Fixes incorrect handling of regexes containg `[`, and a few other special characters. Fixes Issue [#212](https://github.com/corydolphin/flask-cors/issues/212) 
+Fixes incorrect handling of regexes containing `[`, and a few other special characters. Fixes Issue [#212](https://github.com/corydolphin/flask-cors/issues/212)
 
 ## 3.0.4
 Handle response.headers being None. (Fixes issue #217)

README.rst

@@ -6,10 +6,10 @@ Flask-CORS
 
 A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
 
-This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. 
-This means no mucking around with different allowed headers, methods, etc. 
+This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain.
+This means no mucking around with different allowed headers, methods, etc.
 
-By default, submission of cookies across domains is disabled due to the security implications. 
+By default, submission of cookies across domains is disabled due to the security implications.
 Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of `CSRF <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`__ protection before doing so!
 
 Installation
@@ -24,14 +24,14 @@ Install the extension with using pip, or easy\_install.
 Usage
 -----
 
-This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. 
-It allows parameterization of all CORS headers on a per-resource level. 
+This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods.
+It allows parameterization of all CORS headers on a per-resource level.
 The package also contains a decorator, for those who prefer this approach.
 
 Simple Usage
 ~~~~~~~~~~~~
 
-In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. 
+In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes.
 See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
 
 .. code:: python
@@ -50,7 +50,7 @@ See the full list of options in the `documentation <https://flask-cors.corydolph
 Resource specific CORS
 ^^^^^^^^^^^^^^^^^^^^^^
 
-Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options. 
+Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options.
 See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
 
 .. code:: python
@@ -65,8 +65,8 @@ See the full list of options in the `documentation <https://flask-cors.corydolph
 Route specific CORS via decorator
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-This extension also exposes a simple decorator to decorate flask routes with. 
-Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route. 
+This extension also exposes a simple decorator to decorate flask routes with.
+Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route.
 See the full list of options in the `decorator documentation <https://flask-cors.corydolphin.com/en/latest/api.html#decorator>`__.
 
 .. code:: python
@@ -94,22 +94,25 @@ If things aren't working as you expect, enable logging to help understand what i
 Tests
 -----
 
-A simple set of tests is included in ``test/``. 
+A simple set of tests is included in ``test/``.
 To run, install nose, and simply invoke ``nosetests`` or ``python setup.py test`` to exercise the tests.
 
+If nosetests does not work for you, due to it no longer working with newer python versions.
+You can use pytest to run the tests instead.
+
 Contributing
 ------------
 
-Questions, comments or improvements? 
-Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email. 
+Questions, comments or improvements?
+Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email.
 I do my best to include every contribution proposed in any way that I can.
 
 Credits
 -------
 
-This Flask extension is based upon the `Decorator for the HTTP Access Control <http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
+This Flask extension is based upon the `Decorator for the HTTP Access Control <https://web.archive.org/web/20190128010149/http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
 
-.. |Build Status| image:: https://api.travis-ci.org/corydolphin/flask-cors.svg?branch=master
+.. |Build Status| image:: https://github.com/corydolphin/flask-cors/actions/workflows/unittests.yaml/badge.svg
    :target: https://travis-ci.org/corydolphin/flask-cors
 .. |Latest Version| image:: https://img.shields.io/pypi/v/Flask-Cors.svg
    :target: https://pypi.python.org/pypi/Flask-Cors/

docs/api.rst

@@ -70,7 +70,7 @@ Using the `CORS` extension
    :lines: 29-
 
 
-Using the `cross_origins` decorator
+Using the `cross_origin` decorator
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 .. literalinclude:: ../examples/view_based_example.py

docs/conf.py

@@ -255,4 +255,4 @@
 
 
 # Example configuration for intersphinx: refer to the Python standard library.
-intersphinx_mapping = {'http://docs.python.org/': None}
+intersphinx_mapping = {'py': ('http://docs.python.org/', None)}

docs/configuration.rst

@@ -21,7 +21,20 @@ The configuration options recognised by Flask-CORS are:
 
 CORS_ALLOW_HEADERS (:py:class:`~typing.List` or :py:class:`str`)
    Headers to accept from the client.
-   Headers in the :http:header:`Access-Control-Request-Headers` request header (usually part of the preflight OPTIONS request) maching headers in this list will be included in the :http:header:`Access-Control-Allow-Headers` response header.
+   Headers in the :http:header:`Access-Control-Request-Headers` request header (usually part of the preflight OPTIONS request) matching headers in this list will be included in the :http:header:`Access-Control-Allow-Headers` response header.
+
+CORS_ALLOW_PRIVATE_NETWORK (:py:class:`bool`)
+   If True, the response header :http:header:`Access-Control-Allow-Private-Network`
+   will be set with the value 'true' whenever the request header
+   :http:header:`Access-Control-Request-Private-Network` has a value 'true'.
+
+   If False, the reponse header :http:header:`Access-Control-Allow-Private-Network`
+   will be set with the value 'false' whenever the request header
+   :http:header:`Access-Control-Request-Private-Network` has a value of 'true'.
+
+   If the request header :http:header:`Access-Control-Request-Private-Network` is
+   not present or has a value other than 'true', the response header
+   :http:header:`Access-Control-Allow-Private-Network` will not be set.
 
 CORS_ALWAYS_SEND (:py:class:`bool`)
    Usually, if a request doesn't include an :http:header:`Origin` header, the client did not request CORS.
@@ -83,6 +96,7 @@ Default values
 ~~~~~~~~~~~~~~
 
 * CORS_ALLOW_HEADERS: "*"
+* CORS_ALLOW_PRIVATE_NETWORK: True
 * CORS_ALWAYS_SEND: True
 * CORS_AUTOMATIC_OPTIONS: True
 * CORS_EXPOSE_HEADERS: None
@@ -114,7 +128,7 @@ App level configuration settings
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 It's good practice to keep your application configuration settings in one place.
-This is also possible with Flask-CORS using the same configuration options in the Flas application's config object.
+This is also possible with Flask-CORS using the same configuration options in the Flask application's config object.
 
 Default settings
 ^^^^^^^^^^^^^^^^

docs/requirements.txt

@@ -1 +1,27 @@
-sphinxcontrib-httpdomain==1.7.0
+alabaster==0.7.13 ; python_version >= "3.8"
+babel==2.14.0 ; python_version >= "3.8"
+certifi==2024.2.2 ; python_version >= "3.8"
+charset-normalizer==3.3.2 ; python_version >= "3.8"
+colorama==0.4.6 ; python_version >= "3.8" and sys_platform == "win32"
+docutils==0.20.1 ; python_version >= "3.8"
+idna==3.6 ; python_version >= "3.8"
+imagesize==1.4.1 ; python_version >= "3.8"
+importlib-metadata==7.0.1 ; python_version < "3.10" and python_version >= "3.8"
+jinja2==3.1.3 ; python_version >= "3.8"
+markupsafe==2.1.5 ; python_version >= "3.8"
+packaging==23.2 ; python_version >= "3.8"
+pygments==2.17.2 ; python_version >= "3.8"
+pytz==2024.1 ; python_version < "3.9" and python_version >= "3.8"
+requests==2.32.0 ; python_version >= "3.8"
+snowballstemmer==2.2.0 ; python_version >= "3.8"
+sphinx==7.1.2 ; python_version >= "3.8"
+sphinx-rtd-theme==2.0.0 ; python_version >= "3.8"
+sphinxcontrib-applehelp==1.0.4 ; python_version >= "3.8"
+sphinxcontrib-devhelp==1.0.2 ; python_version >= "3.8"
+sphinxcontrib-htmlhelp==2.0.1 ; python_version >= "3.8"
+sphinxcontrib-httpdomain==1.8.1 ; python_version >= "3.8"
+sphinxcontrib-jsmath==1.0.1 ; python_version >= "3.8"
+sphinxcontrib-qthelp==1.0.3 ; python_version >= "3.8"
+sphinxcontrib-serializinghtml==1.1.5 ; python_version >= "3.8"
+urllib3==2.2.1 ; python_version >= "3.8"
+zipp==3.17.0 ; python_version < "3.10" and python_version >= "3.8"

examples/app_based_example.py

@@ -143,7 +143,7 @@ def get_exception():
 @app.errorhandler(500)
 def server_error(e):
     logging.exception('An error occurred during a request. %s', e)
-    return "An internal error occured", 500
+    return "An internal error occurred", 500
 
 
 if __name__ == "__main__":

flask_cors/__init__.py

@@ -24,4 +24,4 @@
 rootlogger.addHandler(NullHandler())
 
 if rootlogger.level == logging.NOTSET:
-    rootlogger.setLevel(logging.WARN)
+    rootlogger.setLevel(logging.WARN)