When the CorsConfiguration is configured to allow credentials you cannot use wildcards on the allowedOrigins attribute.
The CorsConfiguration itself asks to use the allowedOriginPatterns when do you want to use wildcards and allow credentials at the same time.
However, there isn't a way to configure the allowedOriginPatterns on the CorsEndpointProperties.
I've just added the possibility to configure the allowedOriginPatterns on the CorsEndpointProperties.
Comment From: pivotal-issuemaster
@pedivo Please sign the Contributor License Agreement!
Click here to manually synchronize the status of this Pull Request.
See the FAQ for frequently asked questions.
Comment From: pivotal-issuemaster
@pedivo Thank you for signing the Contributor License Agreement!
Comment From: wilkinsona
Closed by https://github.com/spring-projects/spring-boot/commit/847bb62d6915aa65be270995ff6f2f318707f6a9 (unfortunately, I typo'd the issue reference).
@pedivo Thanks very much for making your first contribution to Spring Boot.