ff138895bbb419cbc8cf40e9a3716048f1cb528f,mockserver-war/src/main/java/org/mockserver/server/MockServerServlet.java,MockServerServlet,addCORSHeaders,#HttpServletResponse#,172

Before Change



    private void addCORSHeaders(HttpServletResponse httpServletResponse) {
        if (enableCORS()) {
            httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE");
            httpServletResponse.setHeader("Access-Control-Allow-Headers", "Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary");
            httpServletResponse.setHeader("X-CORS", "MockServer CORS support enabled by default, to disable ConfigurationProperties.enableCORS(false) or -Dmockserver.disableCORS=false");

After Change


        String methods = "CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE";
        String headers = "Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary";
        if (httpServletResponse.getHeaders("Access-Control-Allow-Origin").isEmpty()) {
            httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        }
        if (httpServletResponse.getHeaders("Access-Control-Allow-Methods").isEmpty()) {
            httpServletResponse.setHeader("Access-Control-Allow-Methods", methods);
        }
        if (httpServletResponse.getHeaders("Access-Control-Allow-Headers").isEmpty()) {
            httpServletResponse.setHeader("Access-Control-Allow-Headers", headers);
        }
        if (httpServletResponse.getHeaders("Access-Control-Expose-Headers").isEmpty()) {
            httpServletResponse.setHeader("Access-Control-Expose-Headers", headers);
        }
        if (httpServletResponse.getHeaders("Access-Control-Max-Age").isEmpty()) {
            httpServletResponse.setHeader("Access-Control-Max-Age", "1");
        }
        if (httpServletResponse.getHeaders("X-CORS").isEmpty()) {
            httpServletResponse.setHeader("X-CORS", "MockServer CORS support enabled by default, to disable ConfigurationProperties.enableCORSForAPI(false) or -Dmockserver.disableCORS=false");