Merge pull request #977 from jamesagnew/no-cache_CORS

Allows the Cache-Control Header in CORS
2018-06-04 17:52:26 +02:00 · 2018-06-04 17:52:26 +02:00 · 06ad24f463
parent 6788eb992d 9498247082
commit 06ad24f463
2 changed files with 2 additions and 1 deletions
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/api/Constants.java
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/api/Constants.java
@ -274,6 +274,7 @@ public class Constants {
 		corsAllowedHeaders.add("Content-Type");
 		corsAllowedHeaders.add("Origin");
 		corsAllowedHeaders.add("Prefer");
+		corsAllowedHeaders.add("X-FHIR-Starter");
 		corsAllowedHeaders.add("X-Requested-With");
 		CORS_ALLOWED_HEADERS = Collections.unmodifiableSet(corsAllowedHeaders);

--- a/hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml
+++ b/hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml
@ -76,7 +76,7 @@
 		<init-param>
 			<description>A comma separated list of allowed headers when making a non simple CORS request.</description>
 			<param-name>cors.allowed.headers</param-name>
-			<param-value>X-FHIR-Starter,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Prefer</param-value>
+			<param-value>Accept,Access-Control-Request-Headers,Access-Control-Request-Method,Cache-Control,Content-Type,Origin,Prefer,X-FHIR-Starter,X-Requested-With</param-value>
 		</init-param>
 		<init-param>
 			<description>A comma separated list non-standard response headers that will be exposed to XHR2 object.</description>