Merge pull request #3059 from izeye/patch-12

* patch-12: Fix allowCredentials property handling
10 years ago · 6575b31fb1
parent fc067d1b75 88612393f3
commit 6575b31fb1
2 changed files with 10 additions and 1 deletions
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/MvcEndpointCorsProperties.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/MvcEndpointCorsProperties.java
@ -133,7 +133,7 @@ public class MvcEndpointCorsProperties {
 			corsConfiguration.setMaxAge(this.maxAge);
 		}
 		if (this.allowCredentials != null) {
-			corsConfiguration.setAllowCredentials(true);
+			corsConfiguration.setAllowCredentials(this.allowCredentials);
 		}
 		return corsConfiguration;
 	}
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointCorsIntegrationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointCorsIntegrationTests.java
@ -160,6 +160,15 @@ public class MvcEndpointCorsIntegrationTests {
 				header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"));
 	}

+	@Test
+	public void credentialsCanBeDisabled() throws Exception {
+		EnvironmentTestUtils.addEnvironment(this.context,
+				"endpoints.cors.allowed-origins:foo.example.com",
+				"endpoints.cors.allow-credentials:false");
+		performAcceptedCorsRequest().andExpect(
+				header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
+	}
+
 	@Test
 	public void jolokiaEndpointUsesGlobalCorsConfiguration() throws Exception {
 		EnvironmentTestUtils.addEnvironment(this.context,