You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/07/09 12:58:35 UTC
svn commit: r1835421 -
/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
Author: markt
Date: Mon Jul 9 12:58:35 2018
New Revision: 1835421
URL: http://svn.apache.org/viewvc?rev=1835421&view=rev
Log:
Cache correctness for OPTIONS requests that pass through the CORS filter.
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1835421&r1=1835420&r2=1835421&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Mon Jul 9 12:58:35 2018
@@ -152,6 +152,16 @@ public class CorsFilter extends GenericF
// associated headers) will depend on the origin.
ResponseUtil.addVaryFieldName(response, CorsFilter.REQUEST_HEADER_ORIGIN);
+ if ("OPTIONS".equals(request.getMethod())) {
+ // For any OPTIONS request, the response will vary based on the
+ // value or absence of the following headers. Hence they need be be
+ // included in the Vary header.
+ ResponseUtil.addVaryFieldName(response,
+ CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
+ ResponseUtil.addVaryFieldName(response,
+ CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
+ }
+
// Determines the CORS request type.
CorsFilter.CORSRequestType requestType = checkRequestType(request);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org