Am 2019-12-02 um 21:07 schrieb Mark Thomas:
On 02/12/2019 19:48, Michael Osipov wrote:
Am 2019-12-02 um 18:51 schrieb ma...@apache.org:
>
This is why I brought up BZ 63938.
You see no other way to make it an exact match a not blanket?
Not easily, no. You'd essentially have to recreate large chunks of
ApplicationFilterFactory.
Agreed to the tradeoff, I'd rather would see BZ 63938 fixed in that spirit.
--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -1201,6 +1201,21 @@
<attributes>
+ <attribute name="allowCorsPreflight" required="false">
+ <p>Are requests that appear to be CORS preflight requests
allowed to
+ bypass the authenticator as required by the CORS
specification. The
+ allowed values are <code>never</code>, <code>filter</code> and
+ <code>always</code>. <code>never</code> means that a request
will never
+ bypass authentication even if it appears to be a CORS
preflight request.
+ <code>filter</code> means that a request will bypass
authentication if
+ it appears to be a CORS preflight request and the web
application the
+ request maps to has the <a href="filter.html#CORS_Filter">CORS
I have the feeling that some word is either wrong or missing here: ...
and the web application the request maps ...
Looks fine to me.
Frankly, as a non-English native speaker I do not understand the
sentence. Maybe others won't too.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
