Fix for #302556 (CrossOriginFilter does not work correctly when Access-Control-Request-Headers header is not present)
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1264 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
parent
d208d55652
commit
52cab495e0
|
@ -25,6 +25,7 @@ jetty-7.0.2-SNAPSHOT
|
|||
+ 300733 Jars from lib/ext are not visible for my web application
|
||||
+ 300933 AbstractConnector uses concurrent objects for stats
|
||||
+ 301089 Improve statistics available in StatisticsHandler and AbstractConnector
|
||||
+ 302556 CrossOriginFilter does not work correctly when Access-Control-Request-Headers header is not present
|
||||
|
||||
jetty-7.0.1.v20091125 25 November 2009
|
||||
+ 274251 DefaultServlet supports exact match mode.
|
||||
|
|
|
@ -234,7 +234,7 @@ public class CrossOriginFilter implements Filter
|
|||
// 5.2.9
|
||||
response.setHeader(ACCESS_CONTROL_ALLOW_METHODS_HEADER, commify(allowedMethods));
|
||||
// 5.2.10
|
||||
response.setHeader(ACCESS_CONTROL_ALLOW_HEADERS_HEADER, commify(this.allowedHeaders));
|
||||
response.setHeader(ACCESS_CONTROL_ALLOW_HEADERS_HEADER, commify(allowedHeaders));
|
||||
}
|
||||
|
||||
private boolean isMethodAllowed(HttpServletRequest request)
|
||||
|
@ -254,10 +254,9 @@ public class CrossOriginFilter implements Filter
|
|||
{
|
||||
String accessControlRequestHeaders = request.getHeader(ACCESS_CONTROL_REQUEST_HEADERS_HEADER);
|
||||
Log.debug("{} is {}", ACCESS_CONTROL_REQUEST_HEADERS_HEADER, accessControlRequestHeaders);
|
||||
boolean result = false;
|
||||
boolean result = true;
|
||||
if (accessControlRequestHeaders != null)
|
||||
{
|
||||
result = true;
|
||||
String[] headers = accessControlRequestHeaders.split(",");
|
||||
for (String header : headers)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue