Support dynamic Access-Control-Allow-Origin based on Origin HTTP request header [SPR-13511] #18088
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
status: invalid
An issue that we don't feel is valid
Hendy Irawan opened SPR-13511 and commented
Spring 4.2 has CORS support, however allowed Origin(s) must be set manually. Which is problematic when combined with authentication, because authentication not supported with
Access-Control-Allow-Origin: *
.Please allow to make this set automatically. Very useful for Ionic/Cordova clients.
i.e. if client sends
Origin: assets-library://whatever/
then server will sendAccess-Control-Allow-Origin: assets-library://whatever/
Affects: 4.2.1
Reference URL: http://stackoverflow.com/q/32797633/122441
The text was updated successfully, but these errors were encountered: