Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix for #302556 (CrossOriginFilter does not work correctly when Access-Control-Request-Headers header is not present) 

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1264 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Simone Bordet 2010-02-11 09:01:14 +00:00
parent d208d55652
commit 52cab495e0
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
VERSION.txt
View File

@ -10,7 +10,7 @@ jetty-7.0.2-SNAPSHOT
+ 298667 DeploymentManager uses ContextProvider and WebAppProvider
+ 299455 Enum support in JSONPojoConvertor
+ 302198 Rename HttpClient authorization classes to Authentication
+ 302244 invalid configuration boolean conversion in FormAuthenticator
+ 302244 invalid configuration boolean conversion in FormAuthenticator
+ 302246 redirect loop using form authenticator
+ JETTY-776 Make new session-tests module to concentrate all reusable session clustering test code
+ JETTY-910 Allow request listeners to access session
@ -25,6 +25,7 @@ jetty-7.0.2-SNAPSHOT
+ 300733 Jars from lib/ext are not visible for my web application
+ 300933 AbstractConnector uses concurrent objects for stats
+ 301089 Improve statistics available in StatisticsHandler and AbstractConnector
+ 302556 CrossOriginFilter does not work correctly when Access-Control-Request-Headers header is not present
jetty-7.0.1.v20091125 25 November 2009
+ 274251 DefaultServlet supports exact match mode.

5
jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
View File

@ -234,7 +234,7 @@ public class CrossOriginFilter implements Filter
// 5.2.9
response.setHeader(ACCESS_CONTROL_ALLOW_METHODS_HEADER, commify(allowedMethods));
// 5.2.10
response.setHeader(ACCESS_CONTROL_ALLOW_HEADERS_HEADER, commify(this.allowedHeaders));
response.setHeader(ACCESS_CONTROL_ALLOW_HEADERS_HEADER, commify(allowedHeaders));
}
private boolean isMethodAllowed(HttpServletRequest request)
@ -254,10 +254,9 @@ public class CrossOriginFilter implements Filter
{
String accessControlRequestHeaders = request.getHeader(ACCESS_CONTROL_REQUEST_HEADERS_HEADER);
Log.debug("{} is {}", ACCESS_CONTROL_REQUEST_HEADERS_HEADER, accessControlRequestHeaders);
boolean result = false;
boolean result = true;
if (accessControlRequestHeaders != null)
{
result = true;
String[] headers = accessControlRequestHeaders.split(",");
for (String header : headers)
{