From 36d17cdf6aa833a9b0e9e7e2e9e3f4cfef912e71 Mon Sep 17 00:00:00 2001 From: Roberto Prevato Date: Mon, 18 Dec 2023 18:40:58 +0100 Subject: [PATCH] Fix #450 * Fix #450 * Update CHANGELOG.md --- CHANGELOG.md | 5 +++++ blacksheep/__init__.py | 2 +- blacksheep/server/cors.py | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff887161..f666c0ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.0.3] - 2023-12-18 :gift: + +- Fixes #450, about missing `Access-Control-Allow-Credentials` response header + in CORS responses after successful pre-flight requests. Reported by @waweber + ## [2.0.2] - 2023-12-15 :christmas_tree: - Upgrades default SwaggerUI files to version 5, by @sinisaos diff --git a/blacksheep/__init__.py b/blacksheep/__init__.py index 0f4a559e..7d05b956 100644 --- a/blacksheep/__init__.py +++ b/blacksheep/__init__.py @@ -3,7 +3,7 @@ used types to reduce the verbosity of the imports statements. """ __author__ = "Roberto Prevato " -__version__ = "2.0.2" +__version__ = "2.0.3" from .contents import Content as Content from .contents import FormContent as FormContent diff --git a/blacksheep/server/cors.py b/blacksheep/server/cors.py index ac709fb1..1b7a4c4f 100644 --- a/blacksheep/server/cors.py +++ b/blacksheep/server/cors.py @@ -344,6 +344,8 @@ async def cors_middleware(request: Request, handler): _set_cors_origin(response, origin_response) response.set_header(b"Access-Control-Expose-Headers", expose_headers) + if policy.allow_credentials: + response.set_header(b"Access-Control-Allow-Credentials", b"true") return response