You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/02/04 10:31:02 UTC
svn commit: r1657041 -
/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
Author: markt
Date: Wed Feb 4 09:31:02 2015
New Revision: 1657041
URL: http://svn.apache.org/r1657041
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57180
Additional fix. Do not attempt to enumerate valid HTTP methods.
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1657041&r1=1657040&r2=1657041&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Wed Feb 4 09:31:02 2015
@@ -338,8 +338,7 @@ public final class CorsFilter implements
// Section 6.2.3
String accessControlRequestMethod = request.getHeader(
CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
- if (accessControlRequestMethod == null ||
- !HTTP_METHODS.contains(accessControlRequestMethod.trim())) {
+ if (accessControlRequestMethod == null) {
handleInvalidCORS(request, response, filterChain);
return;
} else {
@@ -623,7 +622,7 @@ public final class CorsFilter implements
requestType = CORSRequestType.INVALID_CORS;
} else {
String method = request.getMethod();
- if (method != null && HTTP_METHODS.contains(method)) {
+ if (method != null) {
if ("OPTIONS".equals(method)) {
String accessControlRequestMethodHeader =
request.getHeader(
@@ -1030,14 +1029,13 @@ public final class CorsFilter implements
/**
* {@link Collection} of HTTP methods. Case sensitive.
- *
- * @see <a href="http://tools.ietf.org/html/rfc2616#section-5.1.1"
- * >http://tools.ietf.org/html/rfc2616#section-5.1.1</a>
- *
+ * @deprecated Not used. Will be removed in Tomcat 9.0.x onwards.
*/
+ @Deprecated
public static final Collection<String> HTTP_METHODS =
new HashSet<>(Arrays.asList("OPTIONS", "GET", "HEAD", "POST", "PUT",
"DELETE", "TRACE", "CONNECT"));
+
/**
* {@link Collection} of Simple HTTP methods. Case sensitive.
*
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org