|
|
|
@ -1,5 +1,5 @@ |
|
|
|
/* |
|
|
|
/* |
|
|
|
* Copyright 2002-2024 the original author or authors. |
|
|
|
* Copyright 2002-2025 the original author or authors. |
|
|
|
* |
|
|
|
* |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
@ -297,14 +297,7 @@ public class CorsConfiguration { |
|
|
|
* allowCredentials} is set to {@code true}, that combination is handled |
|
|
|
* allowCredentials} is set to {@code true}, that combination is handled |
|
|
|
* by copying the method specified in the CORS preflight request. |
|
|
|
* by copying the method specified in the CORS preflight request. |
|
|
|
* <p>If not set, only {@code "GET"} and {@code "HEAD"} are allowed. |
|
|
|
* <p>If not set, only {@code "GET"} and {@code "HEAD"} are allowed. |
|
|
|
* <p>By default this is not set. |
|
|
|
* <p>By default, this is not set. |
|
|
|
* <p><strong>Note:</strong> CORS checks use values from "Forwarded" |
|
|
|
|
|
|
|
* (<a href="https://tools.ietf.org/html/rfc7239">RFC 7239</a>), |
|
|
|
|
|
|
|
* "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers, |
|
|
|
|
|
|
|
* if present, in order to reflect the client-originated address. |
|
|
|
|
|
|
|
* Consider using the {@code ForwardedHeaderFilter} in order to choose from a |
|
|
|
|
|
|
|
* central place whether to extract and use, or to discard such headers. |
|
|
|
|
|
|
|
* See the Spring Framework reference for more on this filter. |
|
|
|
|
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public void setAllowedMethods(@Nullable List<String> allowedMethods) { |
|
|
|
public void setAllowedMethods(@Nullable List<String> allowedMethods) { |
|
|
|
this.allowedMethods = (allowedMethods != null ? new ArrayList<>(allowedMethods) : null); |
|
|
|
this.allowedMethods = (allowedMethods != null ? new ArrayList<>(allowedMethods) : null); |
|
|
|
@ -456,7 +449,7 @@ public class CorsConfiguration { |
|
|
|
* level of trust with the configured domains and also increases the surface |
|
|
|
* level of trust with the configured domains and also increases the surface |
|
|
|
* attack of the web application by exposing sensitive user-specific |
|
|
|
* attack of the web application by exposing sensitive user-specific |
|
|
|
* information such as cookies and CSRF tokens. |
|
|
|
* information such as cookies and CSRF tokens. |
|
|
|
* <p>By default this is not set (i.e. user credentials are not supported). |
|
|
|
* <p>By default, this is not set (i.e. user credentials are not supported). |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public void setAllowCredentials(@Nullable Boolean allowCredentials) { |
|
|
|
public void setAllowCredentials(@Nullable Boolean allowCredentials) { |
|
|
|
this.allowCredentials = allowCredentials; |
|
|
|
this.allowCredentials = allowCredentials; |
|
|
|
@ -480,7 +473,7 @@ public class CorsConfiguration { |
|
|
|
* <p>Setting this property has an impact on how {@link #setAllowedOrigins(List) |
|
|
|
* <p>Setting this property has an impact on how {@link #setAllowedOrigins(List) |
|
|
|
* origins} and {@link #setAllowedOriginPatterns(List) originPatterns} are processed, |
|
|
|
* origins} and {@link #setAllowedOriginPatterns(List) originPatterns} are processed, |
|
|
|
* see related API documentation for more details. |
|
|
|
* see related API documentation for more details. |
|
|
|
* <p>By default this is not set (i.e. private network access is not supported). |
|
|
|
* <p>By default, this is not set (i.e. private network access is not supported). |
|
|
|
* @since 5.3.32 |
|
|
|
* @since 5.3.32 |
|
|
|
* @see <a href="https://wicg.github.io/private-network-access/">Private network access specifications</a> |
|
|
|
* @see <a href="https://wicg.github.io/private-network-access/">Private network access specifications</a> |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
|
rstoyanchev
9 months ago