couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Russell Branca (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-1922) CORS bug with reduce_headers and ?SIMPLE_HEADERS
Date Thu, 07 Nov 2013 18:47:20 GMT
Russell Branca created COUCHDB-1922:
---------------------------------------

             Summary: CORS bug with reduce_headers and ?SIMPLE_HEADERS
                 Key: COUCHDB-1922
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1922
             Project: CouchDB
          Issue Type: Bug
          Components: HTTP Interface
            Reporter: Russell Branca


The current implementation of couch_httpd_cors:reduce_headers0/3 has a bug in matching against
couch_httpd_cors:member_nocase/2, where the atom `true` should actually be the atom `false`:
[1].

This currently has the effect of never removing the disallowed elements from the list, as
desired. The immediate fix of `s/true/false/` on that line breaks two additional tests that
expect the "Server" header to be passed through to the response, because "Server" is not in
the list `?SIMPLE_HEADERS` [2], nor should it be as per the spec [3].

We'll want to construct a list of allowed headers that is the union of the simple headers
and the allowed CouchDB headers, like "Server".

[1] https://github.com/apache/couchdb/blob/master/src/couchdb/couch_httpd_cors.erl#L248
[2] https://github.com/apache/couchdb/blob/master/src/couchdb/couch_httpd_cors.erl#L35-L37
[3] http://www.w3.org/TR/cors/#simple-header



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message