[Bug 63938] New: CORS filter adds headers to non-CORS request

bugzilla Tue, 19 Nov 2019 04:37:21 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=63938


            Bug ID: 63938
           Summary: CORS filter adds headers to non-CORS request
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -----

When the CorsFilter identifies a request as NOT_CORS, #handleNonCORS() still
calls #addStandardHeaders() and invokes filterChain.

While is not particularly wrong, the identified request is has no "Origin"
header and still serving those standard reponse headers is a waste of bytes w/o
any value to the client. One caveat I see is that a local origin request is
identified as NOT_CORS for some reason altough an "Origin" header has been
provided.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 63938] New: CORS filter adds headers to non-CORS request

Reply via email to