tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 63938] New: CORS filter adds headers to non-CORS request
Date Tue, 19 Nov 2019 12:36:54 GMT

            Bug ID: 63938
           Summary: CORS filter adds headers to non-CORS request
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
  Target Milestone: -----

When the CorsFilter identifies a request as NOT_CORS, #handleNonCORS() still
calls #addStandardHeaders() and invokes filterChain.

While is not particularly wrong, the identified request is has no "Origin"
header and still serving those standard reponse headers is a waste of bytes w/o
any value to the client. One caveat I see is that a local origin request is
identified as NOT_CORS for some reason altough an "Origin" header has been

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message