svn commit: r1642670 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/CorsFilter.java webapps/docs/changelog.xml

Mon, 01 Dec 2014 03:55:30 -0800 

Author: markt
Date: Mon Dec  1 11:52:58 2014
New Revision: 1642670

URL: http://svn.apache.org/r1642670
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57180
Don't limit HTTP methods to those defined in RFC 7231.

Modified:
    tomcat/tc8.0.x/trunk/   (props changed)
    tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java
    tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1642668

Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1642670&r1=1642669&r2=1642670&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java 
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CorsFilter.java Mon 
Dec  1 11:52:58 2014
@@ -650,7 +650,7 @@ public final class CorsFilter implements
                                 requestType = CORSRequestType.ACTUAL;
                             }
                         }
-                    } else if (COMPLEX_HTTP_METHODS.contains(method)) {
+                    } else {
                         requestType = CORSRequestType.ACTUAL;
                     }
                 }
@@ -1034,7 +1034,11 @@ public final class CorsFilter implements
                     "DELETE", "TRACE", "CONNECT"));
     /**
      * {@link Collection} of non-simple HTTP methods. Case sensitive.
+     * @deprecated Not used. Will be removed in Tomcat 9.0.x onwards. All HTTP
+     *             methods not in {@link #HTTP_METHODS} are assumed to be
+     *             non-simple.
      */
+    @Deprecated
     public static final Collection<String> COMPLEX_HTTP_METHODS =
             new HashSet<>(Arrays.asList("PUT", "DELETE", "TRACE", "CONNECT"));
     /**

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1642670&r1=1642669&r2=1642670&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Mon Dec  1 11:52:58 2014
@@ -57,6 +57,10 @@
         annotation scanning in some cases. (markt)
       </fix>
       <fix>
+        <bug>57180</bug>: Do not limit the CORS filter to only accepting
+        requests that use an HTTP method defined in RFC 7231. (markt)
+      </fix>
+      <fix>
         <bug>57208</bug>: Prevent NPE in JNDI Realm when no results are found
         in a directory context for a user with specified user name. Based on
         a patch provided by Jason McIntosh. (violetagg)



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to