You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by da...@apache.org on 2014/02/06 18:39:55 UTC

[13/50] [abbrv] couch commit: updated refs/heads/import-rcouch to e2dbc79

COUCHDB-1922: fix CORS exposed headers


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/0572bfbb
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/0572bfbb
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/0572bfbb

Branch: refs/heads/import-rcouch
Commit: 0572bfbb8e5d941648ab014d787db7a1a37a90a9
Parents: 53c32b2
Author: Russell Branca <ch...@gmail.com>
Authored: Thu Nov 7 11:34:58 2013 -0800
Committer: Russell Branca <ch...@gmail.com>
Committed: Thu Nov 7 11:41:50 2013 -0800

----------------------------------------------------------------------
 couch_httpd_cors.erl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/0572bfbb/couch_httpd_cors.erl
----------------------------------------------------------------------
diff --git a/couch_httpd_cors.erl b/couch_httpd_cors.erl
index 91fe1ae..d9462d1 100644
--- a/couch_httpd_cors.erl
+++ b/couch_httpd_cors.erl
@@ -35,6 +35,8 @@
 % as defined in http://www.w3.org/TR/cors/#terminology
 -define(SIMPLE_HEADERS, ["Cache-Control", "Content-Language",
         "Content-Type", "Expires", "Last-Modified", "Pragma"]).
+-define(ALLOWED_HEADERS, lists:sort(["Server", "Etag",
+        "Accept-Ranges" | ?SIMPLE_HEADERS])).
 -define(SIMPLE_CONTENT_TYPE_VALUES, ["application/x-www-form-urlencoded",
         "multipart/form-data", "text/plain"]).
 
@@ -212,7 +214,7 @@ maybe_apply_cors_headers(CorsHeaders, RequestHeaders0) ->
     % return: RequestHeaders ++ CorsHeaders ++ ACEH
 
     RequestHeaders = [K || {K,_V} <- RequestHeaders0],
-    ExposedHeaders0 = reduce_headers(RequestHeaders, ?SIMPLE_HEADERS),
+    ExposedHeaders0 = reduce_headers(RequestHeaders, ?ALLOWED_HEADERS),
 
     % here we may have not moved Content-Type into ExposedHeaders,
     % now we need to check whether the Content-Type valus is
@@ -242,10 +244,10 @@ reduce_headers(A, B) ->
     reduce_headers0(A, B, []).
 
 reduce_headers0([], _B, Result) ->
-    Result;
+    lists:sort(Result);
 reduce_headers0([ElmA|RestA], B, Result) ->
     R = case member_nocase(ElmA, B) of
-    true -> Result;
+    false -> Result;
     _Else -> [ElmA | Result]
     end,
     reduce_headers0(RestA, B, R).