You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ch...@apache.org on 2013/11/07 20:35:04 UTC
[2/2] git commit: updated refs/heads/1922-cors-reduce-headers to
a9486d2
COUCHDB-1922: fix CORS exposed headers
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/a9486d26
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/a9486d26
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/a9486d26
Branch: refs/heads/1922-cors-reduce-headers
Commit: a9486d2668939fb87a7298d31a7717be0d1912cc
Parents: 0a6dead
Author: Russell Branca <ch...@gmail.com>
Authored: Thu Nov 7 11:34:58 2013 -0800
Committer: Russell Branca <ch...@gmail.com>
Committed: Thu Nov 7 11:34:58 2013 -0800
----------------------------------------------------------------------
src/couchdb/couch_httpd_cors.erl | 8 +++++---
test/etap/231-cors.t | 2 +-
2 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/a9486d26/src/couchdb/couch_httpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_cors.erl b/src/couchdb/couch_httpd_cors.erl
index dde2cfd..9ac8858 100644
--- a/src/couchdb/couch_httpd_cors.erl
+++ b/src/couchdb/couch_httpd_cors.erl
@@ -37,6 +37,8 @@
% as defined in http://www.w3.org/TR/cors/#terminology
-define(SIMPLE_HEADERS, ["Cache-Control", "Content-Language",
"Content-Type", "Expires", "Last-Modified", "Pragma"]).
+-define(ALLOWED_HEADERS, lists:sort(["Server", "Etag",
+ "Accept-Ranges" | ?SIMPLE_HEADERS])).
-define(SIMPLE_CONTENT_TYPE_VALUES, ["application/x-www-form-urlencoded",
"multipart/form-data", "text/plain"]).
@@ -214,7 +216,7 @@ maybe_apply_cors_headers(CorsHeaders, RequestHeaders0) ->
% return: RequestHeaders ++ CorsHeaders ++ ACEH
RequestHeaders = [K || {K,_V} <- RequestHeaders0],
- ExposedHeaders0 = reduce_headers(RequestHeaders, ?SIMPLE_HEADERS),
+ ExposedHeaders0 = reduce_headers(RequestHeaders, ?ALLOWED_HEADERS),
% here we may have not moved Content-Type into ExposedHeaders,
% now we need to check whether the Content-Type valus is
@@ -244,10 +246,10 @@ reduce_headers(A, B) ->
reduce_headers0(A, B, []).
reduce_headers0([], _B, Result) ->
- Result;
+ lists:sort(Result);
reduce_headers0([ElmA|RestA], B, Result) ->
R = case member_nocase(ElmA, B) of
- true -> Result;
+ false -> Result;
_Else -> [ElmA | Result]
end,
reduce_headers0(RestA, B, R).
http://git-wip-us.apache.org/repos/asf/couchdb/blob/a9486d26/test/etap/231-cors.t
----------------------------------------------------------------------
diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
index fb84585..c770d69 100644
--- a/test/etap/231-cors.t
+++ b/test/etap/231-cors.t
@@ -222,7 +222,7 @@ test_db_request(VHost) ->
"http://example.com",
"db Access-Control-Allow-Origin ok"),
etap:is(proplists:get_value("Access-Control-Expose-Headers", RespHeaders),
- "Content-Type, Server",
+ "Cache-Control, Content-Type, Server",
"db Access-Control-Expose-Headers ok");
_ ->
etap:is(false, true, "ibrowse failed")