tomcat-dev mailing list archives

Subject [Bug 55046] New: CORS Filter
Date Sun, 02 Jun 2013 00:48:49 GMT

            Bug ID: 55046
           Summary: CORS Filter
           Product: Tomcat 8
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina

Created attachment 30363
A patch file containing CORS filter source code, unit tests, and changes to
tomcat documentation's filter.xml.

CORS Filter implementation

This is an enhancement request to include CORS Filter as one of Tomcat's
container provided filters.

CORS (Cross Origin Resource Sharing) is a W3C specification
that defines a mechanism to enable cross origin
requests. This is a Java Servlet Filter implementation of server-side CORS.

Here are a few reasons that make this implementation a good fit:
* Implements all required sections of the spec for servers. Handles
simple/actual and pre-flight requests as per the specification.
* Written specifically to fit well with Tomcat's source, and is formatted the
same as Tomcat's source.
* Filter implementation is just one class and is well Javadoc'd
* Includes ample unit tests to validate the implementation against the spec
* Simple to configure minimally and use
* Easy to override default configuration, if required
* Protects against CRLF injection / response splitting attacks.

We (eBay) would like to contribute this implementation to the Apache Software
Foundation, to be included in Tomcat 8. And, I would also like to maintain and
develop it, going forward.

It's true that as a Servlet Filter, any webapp developer may add it to their
app whether Tomcat includes it or not, but we believe that this is fundamental
server behavior that should be present and easy to enable in the server, as it
is in some other servers.
