diff --git a/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts b/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts
index 63e88d55d3d..89fbf5bbfcc 100644
--- a/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts
+++ b/gravitee-apim-console-webui/src/entities/management-api-v2/api/cors.ts
@@ -22,5 +22,6 @@ export interface Cors {
enabled?: boolean;
exposeHeaders?: string[];
maxAge?: number;
+ allowPrivateNetwork?: boolean;
runPolicies?: boolean;
}
diff --git a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html
index 1940ccf1f66..befaa9007c6 100644
--- a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html
+++ b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.html
@@ -144,6 +144,22 @@
+
+
+
+ Access-Control-Allow-Private-Network
+ When enabled, the gateway responds with Access-Control-Allow-Private-Network: true to preflight requests that include
+ Access-Control-Request-Private-Network: true. This is required for public websites to access private network
+ resources.
+
+
+
+
diff --git a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts
index ef1b5fe53e6..99199ebae07 100644
--- a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts
+++ b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.spec.ts
@@ -127,6 +127,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
exposeHeaders: [],
maxAge: -1,
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
@@ -143,6 +144,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: true,
maxAge: 10,
exposeHeaders: ['exposeHeaders'],
+ allowPrivateNetwork: true,
runPolicies: true,
},
},
@@ -179,6 +181,12 @@ describe('ApiCorsComponent', () => {
expect(await exposeHeadersInput.getTags()).toEqual(['exposeHeaders']);
await exposeHeadersInput.addTag('exposeHeaders2');
+ const allowPrivateNetworkInput = await loader.getHarness(
+ MatSlideToggleHarness.with({ selector: '[formControlName="allowPrivateNetwork"]' }),
+ );
+ expect(await allowPrivateNetworkInput.isChecked()).toEqual(true);
+ await allowPrivateNetworkInput.toggle();
+
const runPoliciesInput = await loader.getHarness(MatSlideToggleHarness.with({ selector: '[formControlName="runPolicies"]' }));
expect(await runPoliciesInput.isChecked()).toEqual(true);
await runPoliciesInput.toggle();
@@ -197,6 +205,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
maxAge: 20,
exposeHeaders: ['exposeHeaders', 'exposeHeaders2'],
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
@@ -238,6 +247,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
exposeHeaders: [],
maxAge: -1,
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
@@ -310,6 +320,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
exposeHeaders: [],
maxAge: -1,
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
@@ -361,6 +372,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
exposeHeaders: [],
maxAge: -1,
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
@@ -382,6 +394,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: true,
maxAge: 10,
exposeHeaders: ['exposeHeaders'],
+ allowPrivateNetwork: true,
runPolicies: true,
},
},
@@ -419,6 +432,12 @@ describe('ApiCorsComponent', () => {
expect(await exposeHeadersInput.getTags()).toEqual(['exposeHeaders']);
await exposeHeadersInput.addTag('exposeHeaders2');
+ const allowPrivateNetworkInput = await loader.getHarness(
+ MatSlideToggleHarness.with({ selector: '[formControlName="allowPrivateNetwork"]' }),
+ );
+ expect(await allowPrivateNetworkInput.isChecked()).toEqual(true);
+ await allowPrivateNetworkInput.toggle();
+
const runPoliciesInput = await loader.getHarness(MatSlideToggleHarness.with({ selector: '[formControlName="runPolicies"]' }));
expect(await runPoliciesInput.isChecked()).toEqual(true);
await runPoliciesInput.toggle();
@@ -437,6 +456,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
maxAge: 20,
exposeHeaders: ['exposeHeaders', 'exposeHeaders2'],
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
@@ -475,6 +495,7 @@ describe('ApiCorsComponent', () => {
allowCredentials: false,
exposeHeaders: [],
maxAge: -1,
+ allowPrivateNetwork: false,
runPolicies: false,
});
});
diff --git a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts
index ad8b8bd59c0..d7c6a4d51ac 100644
--- a/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts
+++ b/gravitee-apim-console-webui/src/management/api/cors/api-cors.component.ts
@@ -123,6 +123,10 @@ export class ApiCorsComponent implements OnInit, OnDestroy {
value: cors.exposeHeaders ?? [],
disabled: isCorsDisabled,
}),
+ allowPrivateNetwork: new UntypedFormControl({
+ value: cors.allowPrivateNetwork ?? false,
+ disabled: isCorsDisabled,
+ }),
runPolicies: new UntypedFormControl({
value: cors.runPolicies ?? false,
disabled: isCorsDisabled,
@@ -131,7 +135,16 @@ export class ApiCorsComponent implements OnInit, OnDestroy {
this.initialCorsFormValue = this.corsForm.getRawValue();
// Disable all Control if enabled is not checked
- const controlKeys = ['allowOrigin', 'allowMethods', 'allowHeaders', 'allowCredentials', 'maxAge', 'exposeHeaders', 'runPolicies'];
+ const controlKeys = [
+ 'allowOrigin',
+ 'allowMethods',
+ 'allowHeaders',
+ 'allowCredentials',
+ 'maxAge',
+ 'exposeHeaders',
+ 'allowPrivateNetwork',
+ 'runPolicies',
+ ];
this.corsForm.get('enabled').valueChanges.subscribe(checked => {
controlKeys.forEach(k => {
return checked ? this.corsForm.get(k).enable() : this.corsForm.get(k).disable();
@@ -205,6 +218,7 @@ export class ApiCorsComponent implements OnInit, OnDestroy {
allowCredentials: corsFormValue.allowCredentials,
maxAge: corsFormValue.maxAge,
exposeHeaders: corsFormValue.exposeHeaders,
+ allowPrivateNetwork: corsFormValue.allowPrivateNetwork,
runPolicies: corsFormValue.runPolicies,
},
},
@@ -223,6 +237,7 @@ export class ApiCorsComponent implements OnInit, OnDestroy {
allowCredentials: corsFormValue.allowCredentials,
maxAge: corsFormValue.maxAge,
exposeHeaders: corsFormValue.exposeHeaders,
+ allowPrivateNetwork: corsFormValue.allowPrivateNetwork,
runPolicies: corsFormValue.runPolicies,
};
});
diff --git a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java
index fdffcdce200..4585cc27397 100644
--- a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java
+++ b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/deser/CorsDeserializer.java
@@ -66,6 +66,7 @@ public Cors deserialize(JsonParser jp, DeserializationContext ctxt) throws IOExc
cors.setAccessControlMaxAge(-1);
}
cors.setRunPolicies(node.path("runPolicies").asBoolean(false));
+ cors.setAllowPrivateNetwork(node.path("allowPrivateNetwork").asBoolean(false));
}
return cors;
diff --git a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java
index 6badd8cd096..21cb964bb03 100644
--- a/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java
+++ b/gravitee-apim-definition/gravitee-apim-definition-jackson/src/main/java/io/gravitee/definition/jackson/datatype/api/ser/CorsSerializer.java
@@ -115,6 +115,10 @@ public void serialize(Cors cors, JsonGenerator jgen, SerializerProvider provider
jgen.writeBooleanField("runPolicies", cors.isRunPolicies());
}
+ if (cors.isAllowPrivateNetwork()) {
+ jgen.writeBooleanField("allowPrivateNetwork", cors.isAllowPrivateNetwork());
+ }
+
jgen.writeEndObject();
}
}
diff --git a/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java b/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java
index 6ab270bd7e6..f8e0ddbaa8a 100644
--- a/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java
+++ b/gravitee-apim-definition/gravitee-apim-definition-model/src/main/java/io/gravitee/definition/model/Cors.java
@@ -77,6 +77,10 @@ public class Cors implements Serializable {
@JsonInclude(JsonInclude.Include.NON_DEFAULT)
private boolean runPolicies;
+ @JsonProperty("allowPrivateNetwork")
+ @JsonInclude(JsonInclude.Include.NON_DEFAULT)
+ private boolean allowPrivateNetwork;
+
public static int getDefaultErrorStatusCode() {
return DEFAULT_ERROR_STATUS_CODE;
}
@@ -164,4 +168,12 @@ public boolean isRunPolicies() {
public void setRunPolicies(boolean runPolicies) {
this.runPolicies = runPolicies;
}
+
+ public boolean isAllowPrivateNetwork() {
+ return allowPrivateNetwork;
+ }
+
+ public void setAllowPrivateNetwork(boolean allowPrivateNetwork) {
+ this.allowPrivateNetwork = allowPrivateNetwork;
+ }
}
diff --git a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java
index 31cb706c116..0158d50f11c 100644
--- a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java
+++ b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/handlers/api/processor/cors/CorsPreflightRequestProcessor.java
@@ -145,6 +145,15 @@ private void handlePreflightRequest(Request request, Response response) {
.headers()
.set(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, String.join(JOINER_CHAR_SEQUENCE, cors.getAccessControlAllowHeaders()));
+ // 11. Private Network Access: if enabled and request includes Access-Control-Request-Private-Network,
+ // respond with Access-Control-Allow-Private-Network: true
+ if (cors.isAllowPrivateNetwork()) {
+ String pnaRequest = request.headers().getFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK);
+ if ("true".equalsIgnoreCase(pnaRequest)) {
+ response.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK, "true");
+ }
+ }
+
response.status(HttpStatusCode.OK_200);
}
diff --git a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java
index dba59c24f48..1565da72d14 100644
--- a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java
+++ b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/main/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessor.java
@@ -177,6 +177,16 @@ private boolean handlePreflightRequest(final Cors cors, final HttpBaseExecutionC
.headers()
.set(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, String.join(JOINER_CHAR_SEQUENCE, cors.getAccessControlAllowHeaders()));
}
+
+ // 11. Private Network Access: if enabled and request includes Access-Control-Request-Private-Network,
+ // respond with Access-Control-Allow-Private-Network: true
+ if (cors.isAllowPrivateNetwork()) {
+ String pnaRequest = request.headers().get(HttpHeaderNames.ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK);
+ if ("true".equalsIgnoreCase(pnaRequest)) {
+ response.headers().set(HttpHeaderNames.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK, "true");
+ }
+ }
+
return true;
}
diff --git a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java
index 7640c327b61..142198910dd 100644
--- a/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java
+++ b/gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/src/test/java/io/gravitee/gateway/reactive/handlers/api/processor/cors/CorsPreflightRequestProcessorTest.java
@@ -15,7 +15,9 @@
*/
package io.gravitee.gateway.reactive.handlers.api.processor.cors;
+import static io.gravitee.gateway.api.http.HttpHeaderNames.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK;
import static io.gravitee.gateway.api.http.HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD;
+import static io.gravitee.gateway.api.http.HttpHeaderNames.ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK;
import static io.gravitee.gateway.api.http.HttpHeaderNames.ORIGIN;
import static io.gravitee.gateway.reactive.api.context.InternalContextAttributes.ATTR_INTERNAL_INVOKER;
import static io.gravitee.gateway.reactive.api.context.InternalContextAttributes.ATTR_INTERNAL_SECURITY_SKIP;
@@ -318,6 +320,35 @@ public void shouldInterruptWithWildcardHeadersWhenCorsEnabledAndValidRequest() {
assertThat(spyCtx.getInternalAttribute(ATTR_INTERNAL_INVOKER)).isNull();
}
+ @Test
+ public void shouldSetAllowPrivateNetworkHeaderWhenEnabledAndRequestHasPnaHeader() {
+ api.getProxy().getCors().setAllowPrivateNetwork(true);
+ spyRequestHeaders.set(ORIGIN, "origin");
+ spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_METHOD, "GET");
+ spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK, "true");
+ corsPreflightRequestProcessor.execute(spyCtx).test().assertError(InterruptionException.class);
+ assertThat(spyResponseHeaders.get(ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK)).isEqualTo("true");
+ }
+
+ @Test
+ public void shouldNotSetAllowPrivateNetworkHeaderWhenEnabledButRequestMissingPnaHeader() {
+ api.getProxy().getCors().setAllowPrivateNetwork(true);
+ spyRequestHeaders.set(ORIGIN, "origin");
+ spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_METHOD, "GET");
+ corsPreflightRequestProcessor.execute(spyCtx).test().assertError(InterruptionException.class);
+ assertThat(spyResponseHeaders.get(ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK)).isNull();
+ }
+
+ @Test
+ public void shouldNotSetAllowPrivateNetworkHeaderWhenDisabledAndRequestHasPnaHeader() {
+ api.getProxy().getCors().setAllowPrivateNetwork(false);
+ spyRequestHeaders.set(ORIGIN, "origin");
+ spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_METHOD, "GET");
+ spyRequestHeaders.set(ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK, "true");
+ corsPreflightRequestProcessor.execute(spyCtx).test().assertError(InterruptionException.class);
+ assertThat(spyResponseHeaders.get(ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK)).isNull();
+ }
+
@Test
public void shouldCompleteWithoutAddingHeadersWhenCorsWildcardAndInvalidRequest() {
api.getProxy().getCors().setAccessControlAllowMethods(Set.of("*"));
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml
index 4255e52ce93..c6c4e3bc0b7 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml
@@ -4179,6 +4179,9 @@ components:
default: -1
runPolicies:
type: boolean
+ allowPrivateNetwork:
+ type: boolean
+ description: Allow private network access (PNA) requests during CORS preflight
Dlq:
type: object
properties:
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java
index 7d35935d88a..e2626e38115 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/fixtures/CorsFixtures.java
@@ -36,7 +36,8 @@ private CorsFixtures() {}
.enabled(true)
.exposeHeaders(Set.of("exposeHeader1", "exposeHeader2"))
.maxAge(10)
- .runPolicies(true);
+ .runPolicies(true)
+ .allowPrivateNetwork(true);
public static Cors aCors() {
return BASE_CORS.get();
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java
index 80a95d9a503..b6de015062a 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/mapper/CorsMapperTest.java
@@ -39,6 +39,7 @@ void shouldMapToCorsEntity() {
assertThat(corsEntity.getAccessControlExposeHeaders()).isEqualTo(cors.getExposeHeaders());
assertThat(corsEntity.getAccessControlMaxAge()).isEqualTo(cors.getMaxAge());
assertThat(corsEntity.isRunPolicies()).isEqualTo(cors.getRunPolicies());
+ assertThat(corsEntity.isAllowPrivateNetwork()).isEqualTo(cors.getAllowPrivateNetwork());
}
@Test
@@ -55,5 +56,6 @@ void shouldMapFromCorsEntity() {
assertThat(cors.getExposeHeaders()).isEqualTo(corsEntity.getAccessControlExposeHeaders());
assertThat(cors.getMaxAge()).isEqualTo(corsEntity.getAccessControlMaxAge());
assertThat(cors.getRunPolicies()).isEqualTo(corsEntity.isRunPolicies());
+ assertThat(cors.getAllowPrivateNetwork()).isEqualTo(corsEntity.isAllowPrivateNetwork());
}
}
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java
index 37db44ed9bd..a0777433ce4 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-test-fixtures/src/main/java/fixtures/CorsModelFixtures.java
@@ -29,7 +29,8 @@ private CorsModelFixtures() {}
.enabled(true)
.accessControlExposeHeaders(Set.of("exposeHeader1", "exposeHeader2"))
.accessControlMaxAge(10)
- .runPolicies(true);
+ .runPolicies(true)
+ .allowPrivateNetwork(true);
public static io.gravitee.definition.model.Cors aModelCors() {
return BASE_MODEL_CORS.build();
diff --git a/pom.xml b/pom.xml
index 4998e5ea145..3a973c28037 100644
--- a/pom.xml
+++ b/pom.xml
@@ -55,13 +55,13 @@
3.11.0
2.3.1
1.7.0
- 4.9.0
+ 4.9.1
1.0.0
1.1.5
2.0.1
4.3.0
2.1.0
- 5.1.0
+ 5.1.1
5.1.0
2.2.0
3.7.1