By default set allowAnyOrigin to false if cors.allowOrigin is empty

Create issue
Issue #34 new
Former user created an issue

In CORSCOnfiguration.java When this class is instantiated, the current behavior is that if the value of the property "cors.allowOrigin" is empty or null. allowAnyOrigin is set to true by default.

So if I don't want to allow any origins, how can I set the properties object? It seems not possible with the current implementation because of this default behavior.

So I am suggesting if we could set allowAnyOrigin to true if the value of the property "cors.allowOrigin" is set to null, false if the value is set to empty. I think if a user explicitly set the cors.allowOrigin to empty, it means they don't want to allow any origins.

Thanks

Comments (1)

  1. Log in to comment