svn commit: r1835421 - /tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java

Mon, 09 Jul 2018 05:58:43 -0700 

Author: markt
Date: Mon Jul  9 12:58:35 2018
New Revision: 1835421

URL: http://svn.apache.org/viewvc?rev=1835421&view=rev
Log:
Cache correctness for OPTIONS requests that pass through the CORS filter.

Modified:
    tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java

Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1835421&r1=1835420&r2=1835421&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Mon Jul  9 
12:58:35 2018
@@ -152,6 +152,16 @@ public class CorsFilter extends GenericF
         // associated headers) will depend on the origin.
         ResponseUtil.addVaryFieldName(response, 
CorsFilter.REQUEST_HEADER_ORIGIN);
 
+        if ("OPTIONS".equals(request.getMethod())) {
+            // For any OPTIONS request, the response will vary based on the
+            // value or absence of the following headers. Hence they need be be
+            // included in the Vary header.
+            ResponseUtil.addVaryFieldName(response,
+                    CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
+            ResponseUtil.addVaryFieldName(response,
+                    CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
+        }
+
         // Determines the CORS request type.
         CorsFilter.CORSRequestType requestType = checkRequestType(request);
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to