* Always add 'Origin' to the 'Vary' header for responses to enabled URL's, to prevent caching of responses intended for one origin being served for another.
2.3.0
Not secure
------------------
* Match ``CORS_URLS_REGEX`` to ``request.path_info`` instead of ``request.path``, so the patterns can work without knowing the site's path prefix at configuration time.
2.2.1
Not secure
------------------
* Add ``Content-Length`` header to CORS preflight requests. This fixes issues with some HTTP proxies and servers, e.g. AWS Elastic Beanstalk.
2.2.0
Not secure
------------------
* Django 2.0 compatibility. Again there were no changes to the actual library code, so previous versions probably work. * Ensured that ``request._cors_enabled`` is always a ``bool()`` - previously it could be set to a regex match object.
2.1.0
Not secure
------------------
* Django 1.11 compatibility. There were no changes to the actual library code, so previous versions probably work, though they weren't properly tested on 1.11.
2.0.2
Not secure
------------------
* Fix when the check for ``CORS_MODEL`` is done to allow it to properly add the headers and respond to ``OPTIONS`` requests.