feat: 2.12 releases

.github/workflows/release.yml

@@ -2,6 +2,7 @@ name: Release
 on:
   push:
     branches:
+      - "2.11.x"
       - main
       - next
     tags-ignore:

.releaserc.js

@@ -1,5 +1,6 @@
 module.exports = {
     branches: [
+        {name: "2.12.x"},
         {name: "main"},
         {name: "next", prerelease: true},
     ],

SECURITY.md

@@ -9,16 +9,15 @@ We currently support the following version of the OIDC framework:
 | Version  | Supported          | Branch      | Details                              |
 | -------- | ------------------ | ----------- | ------------------------------------ |
 | 0.x.x    | :x:                |             | not maintained                       |
-| <1.13    | :x:                |             | not maintained                       |
-| 1.13.x   | :lock: :warning:   | [1.13.x][1] | security only, [community effort][2] |
-| 2.x.x    | :heavy_check_mark: | [main][3]   | supported                            |
-| 3.0.0-xx | :white_check_mark: | [next][4]   | [developement branch][5]             |
+| <2.11    | :x:                |             | not maintained                       |
+| 2.11.x   | :lock: :warning:   | [2.11.x][1] | security only, [community effort][2] |
+| 3.x.x    | :heavy_check_mark: | [main][3]   | supported                            |
+| 4.0.0-xx | :white_check_mark: | [next][4]   | [development branch]                |
 
-[1]: https://github.com/zitadel/oidc/tree/1.13.x
-[2]: https://github.com/zitadel/oidc/discussions/378
+[1]: https://github.com/zitadel/oidc/tree/2.11.x
+[2]: https://github.com/zitadel/oidc/discussions/458
 [3]: https://github.com/zitadel/oidc/tree/main
 [4]: https://github.com/zitadel/oidc/tree/next
-[5]: https://github.com/zitadel/oidc/milestone/2
 
 ## Reporting a vulnerability
 

pkg/op/op.go

@@ -90,9 +90,19 @@ type OpenIDProvider interface {
 
 type HttpInterceptor func(http.Handler) http.Handler
 
+type corsOptioner interface {
+	CORSOptions() *cors.Options
+}
+
 func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router {
 	router := mux.NewRouter()
-	router.Use(cors.New(defaultCORSOptions).Handler)
+	if co, ok := o.(corsOptioner); ok {
+		if opts := co.CORSOptions(); opts != nil {
+			router.Use(cors.New(*opts).Handler)
+		}
+	} else {
+		router.Use(cors.New(defaultCORSOptions).Handler)
+	}
 	router.Use(intercept(o.IssuerFromRequest, interceptors...))
 	router.HandleFunc(healthEndpoint, healthHandler)
 	router.HandleFunc(readinessEndpoint, readyHandler(o.Probes()))
@@ -186,6 +196,7 @@ func newProvider(config *Config, storage Storage, issuer func(bool) (IssuerFromR
 		storage:   storage,
 		endpoints: DefaultEndpoints,
 		timer:     make(<-chan time.Time),
+		corsOpts:  &defaultCORSOptions,
 	}
 
 	for _, optFunc := range opOpts {
@@ -229,6 +240,7 @@ type Provider struct {
 	timer                   <-chan time.Time
 	accessTokenVerifierOpts []AccessTokenVerifierOpt
 	idTokenHintVerifierOpts []IDTokenHintVerifierOpt
+	corsOpts                *cors.Options
 }
 
 func (o *Provider) IssuerFromRequest(r *http.Request) string {
@@ -387,6 +399,10 @@ func (o *Provider) Probes() []ProbesFn {
 	}
 }
 
+func (o *Provider) CORSOptions() *cors.Options {
+	return o.corsOpts
+}
+
 func (o *Provider) HttpHandler() http.Handler {
 	return o.httpHandler
 }
@@ -534,12 +550,19 @@ func WithIDTokenHintVerifierOpts(opts ...IDTokenHintVerifierOpt) Option {
 	}
 }
 
+func WithCORSOptions(opts *cors.Options) Option {
+	return func(o *Provider) error {
+		o.corsOpts = opts
+		return nil
+	}
+}
+
 func intercept(i IssuerFromRequest, interceptors ...HttpInterceptor) func(handler http.Handler) http.Handler {
 	issuerInterceptor := NewIssuerInterceptor(i)
 	return func(handler http.Handler) http.Handler {
 		for i := len(interceptors) - 1; i >= 0; i-- {
 			handler = interceptors[i](handler)
 		}
-		return cors.New(defaultCORSOptions).Handler(issuerInterceptor.Handler(handler))
+		return issuerInterceptor.Handler(handler)
 	}
 }