Add support for access-control-allow-credentials CORS header when CORS_ALLOWED_ORIGINS is not a wildcard

startup.sh

@@ -54,6 +54,14 @@ fi
 if [ "${CORS_ENABLED}" = "true" ]; then
   if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then
     echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"
+
+    # Add support for access-control-allow-credentials when the origin is not a wildcard
+    if [ "${CORS_ALLOWED_ORIGINS}" != "*" ]; then
+      CORS_ALLOW_CREDENTIALS="true"
+    else
+      CORS_ALLOW_CREDENTIALS="false"
+    fi
+
     sed -i "\:</web-app>:i\\
     <filter>\n\
       <filter-name>DockerGeoServerCorsFilter</filter-name>\n\
@@ -70,6 +78,10 @@ if [ "${CORS_ENABLED}" = "true" ]; then
         <param-name>cors.allowed.headers</param-name>\n\
         <param-value>${CORS_ALLOWED_HEADERS}</param-value>\n\
       </init-param>\n\
+      <init-param>\n\
+        <param-name>cors.support.credentials</param-name>\n\
+        <param-value>${CORS_ALLOW_CREDENTIALS}</param-value>\n\
+      </init-param>\n\
     </filter>\n\
     <filter-mapping>\n\
       <filter-name>DockerGeoServerCorsFilter</filter-name>\n\