couchdb-dev mailing list archives

From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-1922) CORS bug with reduce_headers and ?SIMPLE_HEADERS
Date Thu, 07 Nov 2013 19:37:17 GMT


ASF subversion and git services commented on COUCHDB-1922:

Commit a9486d2668939fb87a7298d31a7717be0d1912cc in branch refs/heads/1922-cors-reduce-headers
from [~chewbranca]
[;h=a9486d2 ]

COUCHDB-1922: fix CORS exposed headers

> CORS bug with reduce_headers and ?SIMPLE_HEADERS
> ------------------------------------------------
>                 Key: COUCHDB-1922
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: Russell Branca
> The current implementation of couch_httpd_cors:reduce_headers0/3 has a bug in matching against couch_httpd_cors:member_nocase/2, where the atom `true` should actually be the atom `false`: [1].
> This currently has the effect of never removing the disallowed elements from the list, as desired. The immediate fix of `s/true/false/` on that line breaks two additional tests that expect the "Server" header to be passed through to the response, because "Server" is not in the list `?SIMPLE_HEADERS` [2], nor should it be as per the spec [3].
> We'll want to construct a list of allowed headers that is the union of the simple headers and the allowed CouchDB headers, like "Server".
> [1]
> [2]
> [3]

This message was sent by Atlassian JIRA
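
The inverted match described in the issue, modelled as an added Erlang example (not CouchDB's couch_httpd_cors code and not part of the original message). The module name, the `reduce_buggy`/`reduce_fixed`/`allowed` functions, the branch layout, the contents of both header lists, and the sample headers are assumptions made for illustration.

```erlang
-module(cors_reduce_example).
-export([member_nocase/2, reduce_buggy/2, reduce_fixed/2, allowed/0, demo/0]).

%% Assumed contents; the page does not show the real ?SIMPLE_HEADERS list.
-define(SIMPLE_HEADERS, ["Cache-Control", "Content-Language", "Content-Type",
                         "Expires", "Last-Modified", "Pragma"]).
%% Assumed CouchDB-specific allowance; the page names only "Server".
-define(COUCH_HEADERS, ["Server"]).

%% Case-insensitive membership test, returns true | false.
member_nocase(Elem, List) ->
    Lower = string:to_lower(Elem),
    lists:any(fun(E) -> string:to_lower(E) =:= Lower end, List).

%% Inverted match: a header found in Allowed is dropped and every other
%% header is kept, so disallowed headers are never removed.
reduce_buggy(Headers, Allowed) -> reduce_buggy0(Headers, Allowed, []).

reduce_buggy0([], _Allowed, Acc) -> lists:reverse(Acc);
reduce_buggy0([H | Rest], Allowed, Acc) ->
    case member_nocase(H, Allowed) of
        true -> reduce_buggy0(Rest, Allowed, Acc);
        _ -> reduce_buggy0(Rest, Allowed, [H | Acc])
    end.

%% Corrected match (s/true/false/): only headers absent from Allowed are dropped.
reduce_fixed(Headers, Allowed) -> reduce_fixed0(Headers, Allowed, []).

reduce_fixed0([], _Allowed, Acc) -> lists:reverse(Acc);
reduce_fixed0([H | Rest], Allowed, Acc) ->
    case member_nocase(H, Allowed) of
        false -> reduce_fixed0(Rest, Allowed, Acc);
        _ -> reduce_fixed0(Rest, Allowed, [H | Acc])
    end.

%% Union of the simple headers and the CouchDB headers, as the issue proposes.
allowed() -> lists:usort(?SIMPLE_HEADERS ++ ?COUCH_HEADERS).

%% Constructed sample input: one simple header, "Server", and two others.
demo() ->
    Headers = ["content-type", "Server", "X-Internal-Debug", "ETag"],
    [{buggy, reduce_buggy(Headers, ?SIMPLE_HEADERS)},
     {fixed_simple_only, reduce_fixed(Headers, ?SIMPLE_HEADERS)},
     {fixed_union, reduce_fixed(Headers, allowed())}].
```

Comparing the `fixed_simple_only` and `fixed_union` results from `cors_reduce_example:demo()` shows why the one-character fix alone drops "Server" and why the union list restores it without letting the other non-simple headers through.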
