Cross-Origin Resource Sharing

Request payloads are no longer returned in the response when the policy is applied with specific origins and a request is performed with an unknown origin.

Fix policy schema not allowing additional properties via REST API.

First Flex compatible Policy.

Separated Policy Definition from Policy Implementation. Stronger validations applied to a given policy configuration.

The CORS policy now supports an value in the Origins and Headers fields. An signifies that there are no restrictions in the origin and header fields of the API request.

When the CORS Policy is applied to an API whose HTTP Listener configuration is in a Mule Domain, the policy deployment fails. This is because both the domain and the policy export the same internal package.

The CORS policy business logic is now completely modified to improve performance.

Several performance improvements are made to the header manipulation engine.

After a policy was applied, HTTP headers did not follow the RFC 2616 requirement of case-sensitivity:

Several performance improvements were introduced in this release.

CORS policy does not try to duplicate Access-Controll-Allow-Origin header anymore.

CORS policy now only returns HTTP method selected as allowed in the Access-Control-Allow-Methods header.

Several performance improvements were introduced in this release.

No new features were added in this version.

The CORS Policy does not throw a 500 Server Error anymore if the content-type is not specified in the request.

Reduced error-handling verbosity in templates.

The transformations of HTTP attributes are now based on a specified output type.

Fixed missing groupId for proxy samples dependency.