Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid rejecting same origin requests detected as CORS requests [SPR-13206] #17798

spring-projects-issues opened this issue Jul 7, 2015 · 1 comment


Copy link

@spring-projects-issues spring-projects-issues commented Jul 7, 2015

Sébastien Deleuze opened SPR-13206 and commented

Browsers like Chrome or Safari include an Origin header on same-origin POST/PUT/DELETE requests. As a consequence, these requests are detected as potential CORS requests by CorsUtils.isCorsRequest() and wrongly rejected if a CorsConfiguration is defined with an allowedOrigins property that does not contain the same origin domain. This is an issue since most users will configure only the cross origin domains.

Affects: 4.2 RC2

Referenced from: commits 84138ab

Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Jul 13, 2015

Sébastien Deleuze commented

Resolved by this commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants