diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40ab947..62d0875 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -92,6 +92,11 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
browser to the last origin listed, rather than returning to the original URL. This has been
fixed.
+- Bugfix: Previously, the `OAuth2` filter's known endpoints `/.ambassador/oauth2/logout` and
+ `/.ambassador/oauth2/multicookie` did not understand CORS or CORS preflight request which would
+ cause the browser to reject the request. This has now been fixed and these endpoints will attach
+ the appropriate CORS headers to the response.
+
## [2.3.2] TBD
[2.3.2]: https://github.com/datawire/edge-stack/releases/v2.3.2
@@ -107,6 +112,11 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
browser to the last origin listed, rather than returning to the original URL. This has been
fixed.
+- Bugfix: Previously, the `OAuth2` filter's known endpoints `/.ambassador/oauth2/logout` and
+ `/.ambassador/oauth2/multicookie` did not understand CORS or CORS preflight request which would
+ cause the browser to reject the request. This has now been fixed and these endpoints will attach
+ the appropriate CORS headers to the response.
+
## [3.0.0] 2022-06-29
[3.0.0]: https://github.com/datawire/edge-stack/releases/v3.0.0
diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml
index 13749ec..d53d292 100644
--- a/docs/releaseNotes.yml
+++ b/docs/releaseNotes.yml
@@ -50,6 +50,13 @@ items:
adjust the cookies for an active login (which only happens when using a refresh token), it
would erroneously redirect the web browser to the last origin listed, rather than
returning to the original URL. This has been fixed.
+ - title: Correctly handle CORS and CORs preflight request within the OAuth2 Fitler known endpoints
+ type: bugfix
+ body: >-
+ Previously, the OAuth2
filter's known endpoints /.ambassador/oauth2/logout
+ and /.ambassador/oauth2/multicookie
did not understand CORS or CORS preflight request
+ which would cause the browser to reject the request. This has now been fixed and these endpoints will
+ attach the appropriate CORS headers to the response.
- version: 2.3.2
date: 'TBD'
notes:
@@ -68,6 +75,13 @@ items:
adjust the cookies for an active login (which only happens when using a refresh token), it
would erroneously redirect the web browser to the last origin listed, rather than
returning to the original URL. This has been fixed.
+ - title: Correctly handle CORS and CORs preflight request within the OAuth2 Fitler known endpoints
+ type: bugfix
+ body: >-
+ Previously, the OAuth2
filter's known endpoints /.ambassador/oauth2/logout
+ and /.ambassador/oauth2/multicookie
did not understand CORS or CORS preflight request
+ which would cause the browser to reject the request. This has now been fixed and these endpoints will
+ attach the appropriate CORS headers to the response.
- version: 3.0.0
date: '2022-06-29'
notes: