couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Russell Branca (JIRA)" <>
Subject [jira] [Created] (COUCHDB-1922) CORS bug with reduce_headers and ?SIMPLE_HEADERS
Date Thu, 07 Nov 2013 18:47:20 GMT
Russell Branca created COUCHDB-1922:

             Summary: CORS bug with reduce_headers and ?SIMPLE_HEADERS
                 Key: COUCHDB-1922
             Project: CouchDB
          Issue Type: Bug
          Components: HTTP Interface
            Reporter: Russell Branca

The current implementation of couch_httpd_cors:reduce_headers0/3 has a bug in matching against
couch_httpd_cors:member_nocase/2, where the atom `true` should actually be the atom `false`:

This currently has the effect of never removing the disallowed elements from the list, as
desired. The immediate fix of `s/true/false/` on that line breaks two additional tests that
expect the "Server" header to be passed through to the response, because "Server" is not in
the list `?SIMPLE_HEADERS` [2], nor should it be as per the spec [3].

We'll want to construct a list of allowed headers that is the union of the simple headers
and the allowed CouchDB headers, like "Server".


This message was sent by Atlassian JIRA

View raw message