Allow "*" for Access-Control-Expose-Headers

Closes gh-26113
This commit is contained in:
Rossen Stoyanchev
2020-11-19 09:20:55 +00:00
parent 684e695b08
commit 8c3a05bbcf
6 changed files with 23 additions and 25 deletions

View File

@@ -114,6 +114,8 @@ public @interface CrossOrigin {
* {@code Expires}, {@code Last-Modified}, or {@code Pragma},
* <p>Exposed headers are listed in the {@code Access-Control-Expose-Headers}
* response header of actual CORS requests.
* <p>The special value {@code "*"} allows all headers to be exposed for
* non-credentialed requests.
* <p>By default no headers are listed as exposed.
*/
String[] exposedHeaders() default {};

View File

@@ -329,13 +329,11 @@ public class CorsConfiguration {
* {@code Cache-Control}, {@code Content-Language}, {@code Content-Type},
* {@code Expires}, {@code Last-Modified}, or {@code Pragma}) that an
* actual response might have and can be exposed.
* <p>Note that {@code "*"} is not a valid exposed header value.
* <p>The special value {@code "*"} allows all headers to be exposed for
* non-credentialed requests.
* <p>By default this is not set.
*/
public void setExposedHeaders(@Nullable List<String> exposedHeaders) {
if (exposedHeaders != null && exposedHeaders.contains(ALL)) {
throw new IllegalArgumentException("'*' is not a valid exposed header value");
}
this.exposedHeaders = (exposedHeaders != null ? new ArrayList<>(exposedHeaders) : null);
}
@@ -351,12 +349,10 @@ public class CorsConfiguration {
/**
* Add a response header to expose.
* <p>Note that {@code "*"} is not a valid exposed header value.
* <p>The special value {@code "*"} allows all headers to be exposed for
* non-credentialed requests.
*/
public void addExposedHeader(String exposedHeader) {
if (ALL.equals(exposedHeader)) {
throw new IllegalArgumentException("'*' is not a valid exposed header value");
}
if (this.exposedHeaders == null) {
this.exposedHeaders = new ArrayList<>(4);
}