RepositoryRestHandlerMapping does not consider allowedOriginPatterns of @CrossOrigin #2077

@dnlhpp

When applying @CrossOrigin with allowedOriginPatterns set, these patterns are not transferred to the CorsConfiguration that the RepositoryRestHandlerMapping considers.

When not setting allowedOrigins, the default values are applied and "*" is set in allowedOrigins of the configuration object. When using this in conjunction with allowedCredentials = "true", an error is returned:

When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.

This cannot be fixed by modifying the annotation as the allowedOriginPatterns attribute is not considered by the following function.

The culprit seems to be in updateCorsConfig of RepositoryRestHandlerMapping.java as it does not add the allowedOriginPatterns of the @CrossOrigin annotation to the CorsConfiguration.

Is this intended? Otherwise I would create a pull request to fix this issue.

Best Regards,
Daniel
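
The behaviour reported above, reproduced against Spring's `CorsConfiguration` as an added example (not code from Spring Data REST or from the reporter). It assumes spring-web 5.3 or later on the classpath, where the `@CrossOrigin` attribute is named `originPatterns`; the class `CrossOriginPatternsExample`, the interface `AnnotatedRepository` and the helper `fromAnnotation` are hypothetical names.

```java
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;

public class CrossOriginPatternsExample {

    // Hypothetical annotated type standing in for a repository interface.
    @CrossOrigin(originPatterns = "https://*.example.org", allowCredentials = "true")
    interface AnnotatedRepository {}

    // Hypothetical helper, not Spring Data REST's updateCorsConfig: builds a
    // CorsConfiguration from the annotation, optionally skipping the patterns.
    static CorsConfiguration fromAnnotation(CrossOrigin annotation, boolean copyPatterns) {
        CorsConfiguration config = new CorsConfiguration();
        for (String origin : annotation.origins()) {
            config.addAllowedOrigin(origin);
        }
        if (copyPatterns) {
            for (String pattern : annotation.originPatterns()) {
                config.addAllowedOriginPattern(pattern);
            }
        }
        if ("true".equalsIgnoreCase(annotation.allowCredentials())) {
            config.setAllowCredentials(true);
        }
        // With neither origins nor patterns set, the defaults put "*" in allowedOrigins.
        return config.applyPermitDefaultValues();
    }

    public static void main(String[] args) {
        CrossOrigin annotation = AnnotatedRepository.class.getAnnotation(CrossOrigin.class);

        // Patterns dropped: "*" plus allowCredentials=true fails validation.
        CorsConfiguration withoutPatterns = fromAnnotation(annotation, false);
        try {
            withoutPatterns.validateAllowCredentials();
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Patterns copied: validation passes and only matching origins are echoed back.
        CorsConfiguration withPatterns = fromAnnotation(annotation, true);
        withPatterns.validateAllowCredentials();
        System.out.println(withPatterns.checkOrigin("https://app.example.org"));
        System.out.println(withPatterns.checkOrigin("https://other.example.net"));
    }
}
```

`checkOrigin` returns the request origin itself for a pattern match and `null` otherwise, which is what lets a credentialed response carry a concrete `Access-Control-Allow-Origin` value instead of `*`.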
