Refine CORS documentation for wildcard processing #31168
Assignees
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
type: backport
An issue that is a backport of another issue to a maintenance branch
type: documentation
A documentation task
Milestone
Comments
github-actions
bot
added
in: web
sdeleuze
added
type: documentation
sdeleuze
changed the title
sdeleuze
added a commit
to sdeleuze/spring-framework
that referenced
this issue
Sep 11, 2023
This commit refines CORS wildcard processing Javadoc to provides more details on how wildcards are handled for Access-Control-Allow-Methods, Access-Control-Allow-Headers and Access-Control-Expose-Headers CORS headers. For Access-Control-Expose-Headers, it is not possible to copy the response headers which are not available at the point when the CorsProcessor is invoked. Since all the major browsers seem to support wildcard including on requests with credentials, and since this is ultimately the user-agent responsibility to check on client-side what is authorized or not, Spring Framework continues to support this use case. See spring-projectsgh-31168
sdeleuze
added a commit
to sdeleuze/spring-framework
that referenced
this issue
Sep 11, 2023
This commit adds a reference documentation section dedicated to CORS credentialed requests and related wildcard processing. Closes spring-projectsgh-31168
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Backport of gh-31143
The text was updated successfully, but these errors were encountered: