Fix for #295562: CrossOriginFilter does not work with default values in Chrome and Safari.

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1072 7e9141cc-0065-0410-87d8-b60c137991c4

VERSION.txt

@@ -41,6 +41,7 @@ jetty-7.0.1.v20091117 17 November 2009
  + 294345 Support for HTTP/301 + HTTP/302 response codes
  + CVE-2009-3555 Prevent SSL renegotiate for SSL vulnerability
  + 295421 Cannot reset() a newly created HttpExchange: IllegalStateException 0 => 0
+ + 295562 CrossOriginFilter does not work with default values in Chrome and Safari
 
 jetty-7.0.0.v20091005 5 October 2009
 291340 Race condition in onException() notifications

jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java

@@ -18,7 +18,6 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -128,7 +127,7 @@ public class CrossOriginFilter implements Filter
         allowedMethods.addAll(Arrays.asList(allowedMethodsConfig.split(",")));
 
         String allowedHeadersConfig = config.getInitParameter(ALLOWED_HEADERS_PARAM);
-        if (allowedHeadersConfig == null) allowedHeadersConfig = "X-Requested-With";
+        if (allowedHeadersConfig == null) allowedHeadersConfig = "X-Requested-With,Content-Type,Accept";
         allowedHeaders.addAll(Arrays.asList(allowedHeadersConfig.split(",")));
 
         String preflightMaxAgeConfig = config.getInitParameter(PREFLIGHT_MAX_AGE_PARAM);
@@ -265,7 +264,7 @@ public class CrossOriginFilter implements Filter
                 boolean headerAllowed = false;
                 for (String allowedHeader : allowedHeaders)
                 {
-                    if (header.equalsIgnoreCase(allowedHeader))
+                    if (header.trim().equalsIgnoreCase(allowedHeader.trim()))
                     {
                         headerAllowed = true;
                         break;