Avoid rejecting same origin requests detected as CORS requests [SPR-13206] #17798

@spring-projects-issues

Sébastien Deleuze opened SPR-13206 and commented

Browsers like Chrome or Safari include an Origin header on same-origin POST/PUT/DELETE requests. As a consequence, these requests are detected as potential CORS requests by CorsUtils.isCorsRequest() and wrongly rejected if a CorsConfiguration is defined with an allowedOrigins property that does not contain the same origin domain. This is an issue since most users will configure only the cross origin domains.


Affects: 4.2 RC2

Referenced from: commits 84138ab
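
The check this report calls for, as an added example (not Spring's code and not the change in the referenced commit): compare the `Origin` header with the request's own scheme, host and port before consulting the allowed origins list. The class and method names and the sample origins are assumptions made for illustration.

```java
import java.net.URI;
import java.util.List;

public class SameOriginCheck {

    // Normalise default ports so "https://app.example" equals "https://app.example:443".
    static int effectivePort(String scheme, int port) {
        if (port != -1) return port;
        if ("http".equalsIgnoreCase(scheme)) return 80;
        if ("https".equalsIgnoreCase(scheme)) return 443;
        return -1;
    }

    // True when the Origin header names the scheme, host and port the request was sent to.
    static boolean isSameOrigin(String origin, String scheme, String host, int port) {
        if (origin == null) return true; // no Origin header: not a CORS request at all
        URI o;
        try {
            o = URI.create(origin);
        } catch (IllegalArgumentException e) {
            return false; // malformed value is never treated as same-origin
        }
        // An opaque origin such as "null" parses without scheme or host.
        if (o.getScheme() == null || o.getHost() == null) return false;
        return o.getScheme().equalsIgnoreCase(scheme)
                && o.getHost().equalsIgnoreCase(host)
                && effectivePort(o.getScheme(), o.getPort()) == effectivePort(scheme, port);
    }

    // Same-origin requests bypass the allowed list; everything else must be listed.
    static boolean isAllowed(String origin, String scheme, String host, int port,
                             List<String> allowedOrigins) {
        return isSameOrigin(origin, scheme, host, port) || allowedOrigins.contains(origin);
    }

    public static void main(String[] args) {
        // Constructed sample configuration: only the cross-origin partner is listed.
        List<String> allowed = List.of("https://partner.example");
        // Same-origin POST carrying an Origin header (the case this issue describes).
        System.out.println(isAllowed("https://app.example", "https", "app.example", 443, allowed));
        // Listed cross-origin caller.
        System.out.println(isAllowed("https://partner.example", "https", "app.example", 443, allowed));
        // Unlisted cross-origin caller, then a scheme mismatch on the same host.
        System.out.println(isAllowed("https://other.example", "https", "app.example", 443, allowed));
        System.out.println(isAllowed("http://app.example", "https", "app.example", 443, allowed));
    }
}
```

Behind a reverse proxy, the scheme, host and port passed in must be the ones the browser actually used, taken from trusted forwarding configuration rather than from unvalidated client-supplied headers.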

Labels: in: web (issues in web modules: web, webmvc, webflux, websocket); type: enhancement (a general enhancement)
