Skip to content

Commit

Permalink
Merge pull request #1697 from drewwills/cors-allowed-headers-Authoriz…
Browse files Browse the repository at this point in the history
…ation

fix(CORS): add 'Authorization' to the default value(s) for cors.allowed.headers because of our recent changes to support two-legged OAuth
  • Loading branch information
drewwills authored May 20, 2019
2 parents d9a6c82 + 493f303 commit 0e4b939
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,6 @@
*/
public class CorsFilter implements Filter {

private static final long serialVersionUID = 1L;
private static final Logger log = LoggerFactory.getLogger(CorsFilter.class);

/** {@link FilterConfig} reference to {@code init()} parameter. */
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@
<!-- allowedOrigins should include protocol. For example, "https://idp.myschool.edu, https://cas.myschool.edu" -->
<property name="allowedOrigins" value="${cors.allowed.origins:}" />
<property name="allowedHttpMethods" value="${cors.allowed.methods:GET,HEAD}" />
<property name="allowedHttpHeaders" value="${cors.allowed.headers:Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers}" />
<property name="allowedHttpHeaders" value="${cors.allowed.headers:Origin,Accept,Authorization,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers}" />
<property name="exposedHeaders" value="${cors.exposed.headers:}" />
<property name="supportsCredentials" value="${cors.support.credentials:true}" />
<property name="preflightMaxAge" value="${cors.preflight.maxage:1800}" />
Expand Down

0 comments on commit 0e4b939

Please sign in to comment.