Personal-Twin/hapi-fhir-jpaserver-starter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: update CORS configuration to set allow_Credentials default to false

Browse Source
This commit is contained in:
Patrick Werner
2026-03-12 20:03:50 +01:00
parent 8069b7019a
commit 2ce85f064f
5 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java
View File

@@ -890,7 +890,7 @@ public class AppProperties {
private static final List<String> DEFAULT_ALLOWED_METHODS =
List.of("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD");
private Boolean allow_Credentials = true;
private Boolean allow_Credentials = false;
private List<String> allowed_origin = List.of("*");
private List<String> allowed_headers = DEFAULT_ALLOWED_HEADERS;
private List<String> exposed_headers = DEFAULT_EXPOSED_HEADERS;