Fix #450 (#453)

Neoteroi · Dec 18, 2023 · b2ad6f1 · b2ad6f1
1 parent 041ff8b
commit b2ad6f1
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.19] - 2023-12-18 :gift:
+
+- Fixes #450, about missing `Access-Control-Allow-Credentials` response header
+  in CORS responses after successful pre-flight requests. Reported by @waweber
+
 ## [1.2.18] - 2023-07-14 :no_entry:
 
 - Fixes bug #394, causing the `Content` max body size to be 2147483647

diff --git a/blacksheep/server/cors.py b/blacksheep/server/cors.py
@@ -344,6 +344,8 @@ async def cors_middleware(request: Request, handler):
 
         _set_cors_origin(response, origin_response)
         response.set_header(b"Access-Control-Expose-Headers", expose_headers)
+        if policy.allow_credentials:
+            response.set_header(b"Access-Control-Allow-Credentials", b"true")
 
         return response
 

diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@ def readme():
 
 setup(
     name="blacksheep",
-    version="1.2.18",
+    version="1.2.19",
     description="Fast web framework for Python asyncio",
     long_description=readme(),
     long_description_content_type="text/markdown",