Fix #450

* Fix #450 * Update CHANGELOG.md
Neoteroi · Dec 18, 2023 · 36d17cd · 36d17cd
1 parent 1a4ca42
commit 36d17cd
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.3] - 2023-12-18 :gift:
+
+- Fixes #450, about missing `Access-Control-Allow-Credentials` response header
+  in CORS responses after successful pre-flight requests. Reported by @waweber
+
 ## [2.0.2] - 2023-12-15 :christmas_tree:
 
 - Upgrades default SwaggerUI files to version 5, by @sinisaos

diff --git a/blacksheep/__init__.py b/blacksheep/__init__.py
@@ -3,7 +3,7 @@
 used types to reduce the verbosity of the imports statements.
 """
 __author__ = "Roberto Prevato <[email protected]>"
-__version__ = "2.0.2"
+__version__ = "2.0.3"
 
 from .contents import Content as Content
 from .contents import FormContent as FormContent

diff --git a/blacksheep/server/cors.py b/blacksheep/server/cors.py
@@ -344,6 +344,8 @@ async def cors_middleware(request: Request, handler):
 
         _set_cors_origin(response, origin_response)
         response.set_header(b"Access-Control-Expose-Headers", expose_headers)
+        if policy.allow_credentials:
+            response.set_header(b"Access-Control-Allow-Credentials", b"true")
 
         return response