Files
spring-framework/spring-webmvc/src/test/java/org/springframework
sdeleuze 652e5c5584 Disable CORS credentials by default
Access-Control-Allow-Credentials CORS header, used to
allow cookies with CORS requests, is not set to true
anymore by default when enabling CORS with
@CrossOrigin or global CORS configuration in order to
provide a more secured default CORS configuration.

The related allowCredentials property now requires to
be set to true explicitly in order to support cookies
with CORS requests.

Issue: SPR-16130
2017-11-22 22:46:44 +01:00
..
2017-11-22 22:46:44 +01:00