forked from spring-projects/spring-framework
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This commit refines CORS wildcard processing in order to avoid sending a wildcard for Access-Control-Allow-Headers and Access-Control-Allow-Methods when credentials are enabled for non-preflight requests, as required by the specification. In that case, Access-Control-Allow-Headers and Access-Control-Allow-Methods values are copied from the request. For Access-Control-Expose-Headers, this is not possible since that would require copying the response headers, which are not available at the point when the CorsProcessor is invoked. Since all the major browsers seem to support wildcards, including on requests with credentials, and since it is ultimately their responsibility to check on the client side what is authorized or not, Spring Framework continues to support this use case with a proper mention in the Javadoc.
Showing 6 changed files with 114 additions and 11 deletions.
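The wildcard handling the commit message describes, as an added sketch that is not Spring's code and not taken from this commit: when the configuration holds `*` and credentials are enabled, the values named in the request are echoed back instead of `*`. The class `CorsWildcardDemo`, its methods and the sample request values are hypothetical and constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper (not Spring's CorsProcessor): computes the
// Access-Control-Allow-* values, replacing "*" when credentials are enabled.
public class CorsWildcardDemo {
    static final String ALL = "*";

    // requestMethod / requestHeaders are the values of the request's
    // Access-Control-Request-Method and Access-Control-Request-Headers.
    static Map<String, String> resolve(List<String> allowedMethods, List<String> allowedHeaders,
            boolean allowCredentials, String requestMethod, List<String> requestHeaders) {
        Map<String, String> out = new LinkedHashMap<>();
        String methods = pick(allowedMethods, List.of(requestMethod), allowCredentials, false);
        String headers = pick(allowedHeaders, requestHeaders, allowCredentials, true);
        if (methods == null || headers == null) {
            return out; // a requested method or header is not allowed: send no CORS headers
        }
        out.put("Access-Control-Allow-Methods", methods);
        if (!headers.isEmpty()) {
            out.put("Access-Control-Allow-Headers", headers);
        }
        if (allowCredentials) {
            out.put("Access-Control-Allow-Credentials", "true");
        }
        return out;
    }

    // Returns the header value to send, or null when a requested item is not allowed.
    static String pick(List<String> configured, List<String> requested,
            boolean allowCredentials, boolean ignoreCase) {
        if (configured.contains(ALL)) {
            // With credentials, echo the requested values rather than sending "*".
            return allowCredentials ? String.join(", ", requested) : ALL;
        }
        for (String r : requested) {
            boolean ok = configured.stream()
                    .anyMatch(c -> ignoreCase ? c.equalsIgnoreCase(r) : c.equals(r));
            if (!ok) return null;
        }
        return String.join(", ", requested);
    }

    public static void main(String[] args) {
        List<String> any = List.of(ALL);
        List<String> asked = List.of("Authorization", "X-Request-Id"); // constructed sample
        System.out.println("no credentials: " + resolve(any, any, false, "PUT", asked));
        System.out.println("credentials:    " + resolve(any, any, true, "PUT", asked));
        System.out.println("explicit list:  "
                + resolve(List.of("GET"), List.of("Authorization"), true, "PUT", asked));
    }
}
```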