You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/08/23 10:54:28 UTC
svn commit: r1757353 - in /tomcat/trunk:
java/org/apache/catalina/filters/CorsFilter.java webapps/docs/changelog.xml
Author: markt
Date: Tue Aug 23 10:54:28 2016
New Revision: 1757353
URL: http://svn.apache.org/viewvc?rev=1757353&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60008
When processing CORs requests, treat any origin with a URI scheme of file as a valid origin.
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1757353&r1=1757352&r2=1757353&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Tue Aug 23 10:54:28 2016
@@ -826,8 +826,14 @@ public final class CorsFilter extends Ge
return true;
}
- URI originURI;
+ // RFC6454, section 4. "If uri-scheme is file, the implementation MAY
+ // return an implementation-defined value.". No limits are okaced on
+ // that value so treat all file URIs as valid origins.
+ if (origin.startsWith("file://")) {
+ return true;
+ }
+ URI originURI;
try {
originURI = new URI(origin);
} catch (URISyntaxException e) {
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1757353&r1=1757352&r2=1757353&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug 23 10:54:28 2016
@@ -191,6 +191,10 @@
Ensure that <code>Semaphore.release</code> is called in all cases. Even
when there is an exception. (violetagg)
</fix>
+ <fix>
+ <bug>60008</bug>: When processing CORs requests, treat any origin with a
+ URI scheme of <code>file</code> as a valid origin. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1757353 - in /tomcat/trunk:
java/org/apache/catalina/filters/CorsFilter.java webapps/docs/changelog.xml
Posted by Mark Thomas <ma...@apache.org>.
On 23/08/2016 12:33, Martin Grigorov wrote:
> Hi Mark,
>
> On Tue, Aug 23, 2016 at 12:54 PM, <ma...@apache.org> wrote:
>
>> Author: markt
>> Date: Tue Aug 23 10:54:28 2016
>> New Revision: 1757353
>>
>> URL: http://svn.apache.org/viewvc?rev=1757353&view=rev
<snip/>
>> + // RFC6454, section 4. "If uri-scheme is file, the implementation
>> MAY
>> + // return an implementation-defined value.". No limits are okaced
>> on
>>
>
> There is a typo in "okaced"
Thanks. I'll get that fixed.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1757353 - in /tomcat/trunk: java/org/apache/catalina/filters/CorsFilter.java
webapps/docs/changelog.xml
Posted by Martin Grigorov <mg...@apache.org>.
Hi Mark,
On Tue, Aug 23, 2016 at 12:54 PM, <ma...@apache.org> wrote:
> Author: markt
> Date: Tue Aug 23 10:54:28 2016
> New Revision: 1757353
>
> URL: http://svn.apache.org/viewvc?rev=1757353&view=rev
> Log:
> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60008
> When processing CORs requests, treat any origin with a URI scheme of file
> as a valid origin.
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/
> catalina/filters/CorsFilter.java?rev=1757353&r1=1757352&
> r2=1757353&view=diff
> ============================================================
> ==================
> --- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
> (original)
> +++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Tue Aug
> 23 10:54:28 2016
> @@ -826,8 +826,14 @@ public final class CorsFilter extends Ge
> return true;
> }
>
> - URI originURI;
> + // RFC6454, section 4. "If uri-scheme is file, the implementation
> MAY
> + // return an implementation-defined value.". No limits are okaced
> on
>
There is a typo in "okaced"
> + // that value so treat all file URIs as valid origins.
> + if (origin.startsWith("file://")) {
> + return true;
> + }
>
> + URI originURI;
> try {
> originURI = new URI(origin);
> } catch (URISyntaxException e) {
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/
> changelog.xml?rev=1757353&r1=1757352&r2=1757353&view=diff
> ============================================================
> ==================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug 23 10:54:28 2016
> @@ -191,6 +191,10 @@
> Ensure that <code>Semaphore.release</code> is called in all
> cases. Even
> when there is an exception. (violetagg)
> </fix>
> + <fix>
> + <bug>60008</bug>: When processing CORs requests, treat any origin
> with a
> + URI scheme of <code>file</code> as a valid origin. (markt)
> + </fix>
> </changelog>
> </subsection>
> <subsection name="Jasper">
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>