This commit refines CORS wildcard processing Javadoc to provide more details on how wildcards are handled for Access-Control-Allow-Methods, Access-Control-Allow-Headers and Access-Control-Expose-Headers CORS headers. For Access-Control-Expose-Headers, it is not possible to copy the response headers which are not available at the point when the CorsProcessor is invoked. Since all the major browsers seem to support wildcard including on requests with credentials, and since this is ultimately the user-agent responsibility to check on client-side what is authorized or not, Spring Framework continues to support this use case. See gh-31143

src
spring-webmvc.gradle