Allways use origin header as access controll allow origin

parent 0e189912
......@@ -16,7 +16,9 @@ public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
if (request.getHeader("origin") == null) {
response.addHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
}
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Methods", "GET");
response.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
......
include "connector-model", "connector-client", "connector-service"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment