|
@@ -28,7 +28,7 @@ public class CorsFilter extends OncePerRequestFilter {
|
28
|
28
|
response.setHeader("Access-Control-Allow-Origin", origin);
|
29
|
29
|
response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
|
30
|
30
|
response.setHeader("Access-Control-Max-Age", "3600");
|
31
|
|
- response.setHeader("Access-Control-Allow-Headers", "*");
|
|
31
|
+ response.setHeader("Access-Control-Allow-Headers", String.join(", ", crosProperties.getAllowHeaders()));
|
32
|
32
|
response.addHeader("Access-Control-Expose-Headers", String.join(", ", crosProperties.getExposedHeaders()));
|
33
|
33
|
|
34
|
34
|
if ("OPTIONS".equals(request.getMethod())) {
|