From dbbc83558437f572f8848dc7b5569b1430d0108f Mon Sep 17 00:00:00 2001
From: Jonathan <233355@gmail.com>
Date: Sun, 4 Dec 2016 19:25:10 +0800
Subject: [PATCH] Fix logic error for when setting allowedAllOrigins and
 allowedCredentials

`Access-Control-Allow-Origin` should returning `Origin` originally of
requests when allowCredentials and allowAllOrigins.
---
 config.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/config.go b/config.go
index 1d1982b..cd360bc 100644
--- a/config.go
+++ b/config.go
@@ -8,6 +8,7 @@ import (
 
 type cors struct {
 	allowAllOrigins  bool
+	allowCredentials bool
 	allowOriginFunc  func(string) bool
 	allowOrigins     []string
 	exposeHeaders    []string
@@ -22,6 +23,7 @@ func newCors(config Config) *cors {
 	return &cors{
 		allowOriginFunc:  config.AllowOriginFunc,
 		allowAllOrigins:  config.AllowAllOrigins,
+		allowCredentials: config.AllowCredentials,
 		allowOrigins:     normalize(config.AllowOrigins),
 		normalHeaders:    generateNormalHeaders(config),
 		preflightHeaders: generatePreflightHeaders(config),
@@ -46,7 +48,7 @@ func (cors *cors) applyCors(c *gin.Context) {
 		cors.handleNormal(c)
 	}
 
-	if !cors.allowAllOrigins {
+	if !cors.allowAllOrigins && !cors.allowCredentials {
 		c.Header("Access-Control-Allow-Origin", origin)
 	}
 }