CORS allowed-origin restrictions aren’t causing the server to reject requests

Question

I am using Spring Boot v1.5.1, and it seems my restriction on CORS origin is not working.

My application.properties file has the following line (ref1 ref2).

Answer 1

Explicitly specifying the domain as string in @CrossOrigin("http://mydomain.io") will work. I dont' think this will work @CrossOrigin("${endpoints.cors.allowed-origins}").