Fix allowCredentials property handling

Closes gh-3059
pull/3059/merge
izeye 10 years ago committed by Stephane Nicoll
parent fc067d1b75
commit 88612393f3

@ -133,7 +133,7 @@ public class MvcEndpointCorsProperties {
corsConfiguration.setMaxAge(this.maxAge);
}
if (this.allowCredentials != null) {
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowCredentials(this.allowCredentials);
}
return corsConfiguration;
}

@ -160,6 +160,15 @@ public class MvcEndpointCorsIntegrationTests {
header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"));
}
@Test
public void credentialsCanBeDisabled() throws Exception {
EnvironmentTestUtils.addEnvironment(this.context,
"endpoints.cors.allowed-origins:foo.example.com",
"endpoints.cors.allow-credentials:false");
performAcceptedCorsRequest().andExpect(
header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
}
@Test
public void jolokiaEndpointUsesGlobalCorsConfiguration() throws Exception {
EnvironmentTestUtils.addEnvironment(this.context,

Loading…
Cancel
Save