Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Include Vary:Origin on all responses 

Signed-off-by: Richard Bradley <Richard.Bradley@softwire.com>
This commit is contained in:
Richard Bradley 2019-02-11 13:39:05 +00:00
parent 875af5c692
commit cb6b9d4a39
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
View File

@ -400,8 +400,7 @@ public class CrossOriginFilter implements Filter
{
response.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, origin);
//W3C CORS spec http://www.w3.org/TR/cors/#resource-implementation
if (!anyOriginAllowed)
response.addHeader("Vary", ORIGIN_HEADER);
response.addHeader("Vary", ORIGIN_HEADER);
if (allowCredentials)
response.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
if (!exposedHeaders.isEmpty())

2
jetty-servlets/src/test/java/org/eclipse/jetty/servlets/CrossOriginFilterTest.java
View File

@ -135,7 +135,7 @@ public class CrossOriginFilterTest
Set<String> fieldNames = response.getFieldNamesCollection();
assertThat(response.toString(), CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, isIn(fieldNames));
assertThat(response.toString(), CrossOriginFilter.ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, isIn(fieldNames));
assertThat(response.toString(), "Vary", not(isIn(fieldNames)));
assertThat(response.toString(), "Vary", isIn(fieldNames));
assertTrue(latch.await(1, TimeUnit.SECONDS));
}