This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 4dd9c16dd1da0eea0a82a9a2f9ba27daf67eda6d
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Fri Sep 22 12:23:00 2023 -0400
Send fewer CORS-related headers when CORS is not actually being engaged.
---
java/org/apache/catalina/filters/CorsFilter.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/filters/CorsFilter.java b/java/org/apache/catalina/filters/CorsFilter.java
index dfc728128d..1aec15a43f 100644
--- a/java/org/apache/catalina/filters/CorsFilter.java
+++ b/java/org/apache/catalina/filters/CorsFilter.java
@@ -321,7 +321,11 @@ public class CorsFilter extends GenericFilter {
 private void handleNonCORS(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws IOException, ServletException {
- addStandardHeaders(request, response);
+ if (!isAnyOriginAllowed()) {
+ // If only specific origins are allowed, the response will vary by
+ // origin
+ ResponseUtil.addVaryFieldName(response, CorsFilter.REQUEST_HEADER_ORIGIN);
+ }
 // Let request pass.
 filterChain.doFilter(request, response);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
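Review bot: The comment on the new `if (!isAnyOriginAllowed())` block in handleNonCORS does not say why a request that is not CORS still needs `Vary: Origin`, which makes the block look redundant and easy to delete later. With `addStandardHeaders` gone, this path presumably emits no Access-Control-* headers, so without the Vary entry a shared cache could reuse such a response for a later cross-origin request to the same URL. I would reword the comment as `// Non-CORS responses omit the CORS headers; keep Vary: Origin so a shared cache does not serve them to a cross-origin request.` The diffstat lists only CorsFilter.java, so no test pins this; one asserting that a non-CORS request gets the Vary entry and no Access-Control-* header would guard against a regression. The method's closing brace lies outside the hunk.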