Merge pull request #3059 from izeye/patch-12

* patch-12: Fix allowCredentials property handling

Merge pull request #3059 from izeye/patch-12
* patch-12: Fix allowCredentials property handling
6575b31f · Stephane Nicoll · fc067d1b · 88612393 · 6575b31f · 6575b31f
Commit 6575b31f authored May 28, 2015 by Stephane Nicoll
Showing with 10 additions and 1 deletion

MvcEndpointCorsProperties.java ...boot/actuate/autoconfigure/MvcEndpointCorsProperties.java +1 -1

MvcEndpointCorsIntegrationTests.java ...actuate/endpoint/mvc/MvcEndpointCorsIntegrationTests.java +9 -0

No files found.
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/MvcEndpointCorsProperties.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/MvcEndpointCorsProperties.java
@@ -133,7 +133,7 @@ public class MvcEndpointCorsProperties {
 			corsConfiguration.setMaxAge(this.maxAge);
 		}
 		if (this.allowCredentials != null) {
-			corsConfiguration.setAllowCredentials(true);
+			corsConfiguration.setAllowCredentials(this.allowCredentials);
 		}
 		return corsConfiguration;
 	}

--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointCorsIntegrationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointCorsIntegrationTests.java
@@ -160,6 +160,15 @@ public class MvcEndpointCorsIntegrationTests {
 				header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"));
 	}
+	@Test
+	public void credentialsCanBeDisabled() throws Exception {
+		EnvironmentTestUtils.addEnvironment(this.context,
+				"endpoints.cors.allowed-origins:foo.example.com",
+				"endpoints.cors.allow-credentials:false");
+		performAcceptedCorsRequest().andExpect(
+				header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
+	}
 	@Test
 	public void jolokiaEndpointUsesGlobalCorsConfiguration() throws Exception {
 		EnvironmentTestUtils.addEnvironment(this.context,