Add Access-Control-Request-Method check for CORS preflight requests
Issue: SPR-13193
This commit is contained in:
@@ -61,6 +61,7 @@ import org.springframework.web.context.request.async.WebAsyncUtils;
|
||||
import org.springframework.web.context.support.ServletRequestHandledEvent;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
import org.springframework.web.context.support.XmlWebApplicationContext;
|
||||
import org.springframework.web.cors.CorsUtils;
|
||||
import org.springframework.web.util.NestedServletException;
|
||||
import org.springframework.web.util.WebUtils;
|
||||
|
||||
@@ -903,7 +904,7 @@ public abstract class FrameworkServlet extends HttpServletBean implements Applic
|
||||
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
|
||||
if (this.dispatchOptionsRequest || request.getHeader("Origin") != null) {
|
||||
if (this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request)) {
|
||||
processRequest(request, response);
|
||||
if (response.containsHeader("Allow")) {
|
||||
// Proper OPTIONS response coming from a handler - we're done.
|
||||
|
||||
Reference in New Issue
Block a user