tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 63939] CORS filter incorrectly implements same/local origin check
Date Fri, 29 Nov 2019 14:08:13 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=63939

--- Comment #1 from Mark Thomas <markt@apache.org> ---
The CORS specification references RFC 6454 for the definition of the origin
header.

RFC 6454 states that the port should only be included in serialized form (which
is the form used in the HTTP header) if the port differs from the default port.
Tomcat's same origin test is, therefore, correct in this respect.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message