From 1734427d32d0505e85411f33ead8e7c97967a991 Mon Sep 17 00:00:00 2001
From: Swati Sneha <111363288+swatiatdeliverect@users.noreply.github.com>
Date: Tue, 11 Apr 2023 21:30:44 +0200
Subject: [PATCH 1/2] test

---
 starlette/middleware/cors.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/starlette/middleware/cors.py b/starlette/middleware/cors.py
index 5c9bfa684..d8537061a 100644
--- a/starlette/middleware/cors.py
+++ b/starlette/middleware/cors.py
@@ -69,6 +69,7 @@ def __init__(
         self.allow_origin_regex = compiled_allow_origin_regex
         self.simple_headers = simple_headers
         self.preflight_headers = preflight_headers
+        self.allow_credentials = allow_credentials
 
     async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
         if scope["type"] != "http":  # pragma: no cover
@@ -162,6 +163,9 @@ async def send(
         # with the specific origin instead of '*'.
         if self.allow_all_origins and has_cookie:
             self.allow_explicit_origin(headers, origin)
+            
+        if self.allow_all_origins and self.allow_credentials:
+            self.allow_explicit_origin(headers, origin)
 
         # If we only allow specific origins, then we have to mirror back
         # the Origin header in the response.

From 1811806bd8f22e3236753c6d33d02e492b193d6c Mon Sep 17 00:00:00 2001
From: Swati Sneha <swati.sneha095@gmail.com>
Date: Wed, 12 Apr 2023 21:18:42 +0200
Subject: [PATCH 2/2] test

---
 starlette/middleware/cors.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/starlette/middleware/cors.py b/starlette/middleware/cors.py
index d8537061a..e5de40138 100644
--- a/starlette/middleware/cors.py
+++ b/starlette/middleware/cors.py
@@ -161,10 +161,7 @@ async def send(
 
         # If request includes any cookie headers, then we must respond
         # with the specific origin instead of '*'.
-        if self.allow_all_origins and has_cookie:
-            self.allow_explicit_origin(headers, origin)
-            
-        if self.allow_all_origins and self.allow_credentials:
+        if self.allow_all_origins and (has_cookie or self.allow_credentials):
             self.allow_explicit_origin(headers, origin)
 
         # If we only allow specific origins, then we have to mirror back