tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 63938] New: CORS filter adds headers to non-CORS request
Date Tue, 19 Nov 2019 12:36:54 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=63938

            Bug ID: 63938
           Summary: CORS filter adds headers to non-CORS request
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: michaelo@apache.org
  Target Milestone: -----

When the CorsFilter identifies a request as NOT_CORS, #handleNonCORS() still
calls #addStandardHeaders() and invokes filterChain.

While is not particularly wrong, the identified request is has no "Origin"
header and still serving those standard reponse headers is a waste of bytes w/o
any value to the client. One caveat I see is that a local origin request is
identified as NOT_CORS for some reason altough an "Origin" header has been
provided.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message