Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #9777 - CrossOriginFilter does not return Vary header on no-cors mode. 

Modified the fix introduced by #9779 to avoid usage of Jetty server classes, so that the CrossOriginFilter can be deployed in any web application.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
This commit is contained in:
Simone Bordet 2023-10-09 20:00:16 +02:00
parent dbb94514dc
commit 67b077847a
No known key found for this signature in database
GPG Key ID: 1677D141BCF3584D
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
View File

@ -31,10 +31,6 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpField;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.PreEncodedHttpField;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.util.StringUtil; import org.eclipse.jetty.util.StringUtil;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -153,7 +149,6 @@ public class CrossOriginFilter implements Filter
private static final List<String> SIMPLE_HTTP_METHODS = Arrays.asList("GET", "POST", "HEAD"); private static final List<String> SIMPLE_HTTP_METHODS = Arrays.asList("GET", "POST", "HEAD");
private static final List<String> DEFAULT_ALLOWED_METHODS = Arrays.asList("GET", "POST", "HEAD"); private static final List<String> DEFAULT_ALLOWED_METHODS = Arrays.asList("GET", "POST", "HEAD");
private static final List<String> DEFAULT_ALLOWED_HEADERS = Arrays.asList("X-Requested-With", "Content-Type", "Accept", "Origin"); private static final List<String> DEFAULT_ALLOWED_HEADERS = Arrays.asList("X-Requested-With", "Content-Type", "Accept", "Origin");
private static final HttpField VARY_ORIGIN = new PreEncodedHttpField(HttpHeader.VARY, HttpHeader.ORIGIN.asString());
private boolean anyOriginAllowed; private boolean anyOriginAllowed;
private boolean anyTimingOriginAllowed; private boolean anyTimingOriginAllowed;
@ -274,10 +269,7 @@ public class CrossOriginFilter implements Filter
private void handle(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException private void handle(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
{ {
if (response instanceof Response) response.addHeader("Vary", ORIGIN_HEADER);
((Response)response).getHttpFields().add(VARY_ORIGIN);
else
response.addHeader(VARY_ORIGIN.getName(), VARY_ORIGIN.getValue());
String origin = request.getHeader(ORIGIN_HEADER); String origin = request.getHeader(ORIGIN_HEADER);
// Is it a cross origin request ? // Is it a cross origin request ?
if (origin != null && isEnabled(request)) if (origin != null && isEnabled(request))