cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5598) Header field name comparison not correct in CrossOriginResourceSharingFilter
Date Tue, 11 Mar 2014 12:59:43 GMT

     [ https://issues.apache.org/jira/browse/CXF-5598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergey Beryozkin resolved CXF-5598.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.6.14
                   2.7.11
                   3.0.0
         Assignee: Sergey Beryozkin

> Header field name comparison not correct in CrossOriginResourceSharingFilter
> ----------------------------------------------------------------------------
>
>                 Key: CXF-5598
>                 URL: https://issues.apache.org/jira/browse/CXF-5598
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS, JAX-RS Security
>    Affects Versions: 2.7.10
>            Reporter: Antonio Sargento
>            Assignee: Sergey Beryozkin
>              Labels: cors
>             Fix For: 3.0.0, 2.7.11, 2.6.14
>
>
> The CrossOriginResourceSharingFilter is not handled correctly the header field name comparison
(ex: method effectiveAllowHeaders).
> On RFC 2616, "Hypertext Transfer Protocol -- HTTP/1.1", 4.2, "Message Headers":
> {panel}
> Each header field consists of a name followed by a colon (":") and the field value. Field
names are case-insensitive.
> {panel}.
> Even http://www.w3.org/TR/cors points that on 3. "Terminology" (ASCII case-insensitive
match).



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message