Re: svn commit: r1757353 - in /tomcat/trunk: java/org/apache/catalina/filters/CorsFilter.java webapps/docs/changelog.xml

Tue, 23 Aug 2016 04:34:19 -0700 

Hi Mark,

On Tue, Aug 23, 2016 at 12:54 PM, <ma...@apache.org> wrote:
> Author: markt
> Date: Tue Aug 23 10:54:28 2016
> New Revision: 1757353
>
> URL: http://svn.apache.org/viewvc?rev=1757353&view=rev
> Log:
> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60008
> When processing CORs requests, treat any origin with a URI scheme of file
> as a valid origin.
>
> Modified:
>     tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
>     tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/
> catalina/filters/CorsFilter.java?rev=1757353&r1=1757352&
> r2=1757353&view=diff
> ============================================================
> ==================
> --- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
> (original)
> +++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Tue Aug
> 23 10:54:28 2016
> @@ -826,8 +826,14 @@ public final class CorsFilter extends Ge
>              return true;
>          }
>
> -        URI originURI;
> +        // RFC6454, section 4. "If uri-scheme is file, the implementation
> MAY
> +        // return an implementation-defined value.". No limits are okaced
> on
>

There is a typo in "okaced"


> +        // that value so treat all file URIs as valid origins.
> +        if (origin.startsWith("file://")) {
> +            return true;
> +        }
>
> +        URI originURI;
>          try {
>              originURI = new URI(origin);
>          } catch (URISyntaxException e) {
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/
> changelog.xml?rev=1757353&r1=1757352&r2=1757353&view=diff
> ============================================================
> ==================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug 23 10:54:28 2016
> @@ -191,6 +191,10 @@
>          Ensure that <code>Semaphore.release</code> is called in all
> cases. Even
>          when there is an exception. (violetagg)
>        </fix>
> +      <fix>
> +        <bug>60008</bug>: When processing CORs requests, treat any origin
> with a
> +        URI scheme of <code>file</code> as a valid origin. (markt)
> +      </fix>
>      </changelog>
>    </subsection>
>    <subsection name="Jasper">
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Reply via email to