From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 63939] CORS filter incorrectly implements same/local origin check
Date: Fri, 29 Nov 2019 14:08:13 +0000
X-Bugzilla-Product: Tomcat 9
X-Bugzilla-Component: Catalina
X-Bugzilla-Version: 9.0.x
X-Bugzilla-Severity: major
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2

https://bz.apache.org/bugzilla/show_bug.cgi?id=63939

--- Comment #1 from Mark Thomas ---
The CORS specification references RFC 6454 for the definition of the origin header.

RFC 6454 states that the port should only be included in serialized form (which is the form used in the HTTP header) if the port differs from the default port. Tomcat's same origin test is, therefore, correct in this respect.
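
The RFC 6454 serialization rule the comment refers to, as an added Java example that is not part of the original message and is not Tomcat's CorsFilter code. The class and method names, the sample host, and the choice to normalize the received `Origin` value through the same routine are assumptions of this example.

```java
import java.net.URI;
import java.util.Locale;

public class OriginSerialization {

    // Default ports for the schemes a CORS check normally sees.
    static int defaultPort(String scheme) {
        switch (scheme) {
            case "http":  return 80;
            case "https": return 443;
            default:      return -1; // unknown scheme: no default to omit
        }
    }

    // RFC 6454 serialization: scheme "://" host, followed by ":" port
    // only when the port differs from the scheme's default port.
    static String serialize(String scheme, String host, int port) {
        String s = scheme.toLowerCase(Locale.ROOT);
        StringBuilder sb = new StringBuilder(s).append("://")
                .append(host.toLowerCase(Locale.ROOT));
        if (port != -1 && port != defaultPort(s)) {
            sb.append(':').append(port);
        }
        return sb.toString();
    }

    // Same-origin test: compare the Origin header with the origin the
    // request was received on. Normalizing the header as well is a choice
    // made in this example (assumption), so "https://host:443" and
    // "https://host" compare equal.
    static boolean isSameOrigin(String originHeader, String scheme, String host, int port) {
        if (originHeader == null || originHeader.equals("null")) return false;
        URI u;
        try {
            u = URI.create(originHeader);
        } catch (IllegalArgumentException e) {
            return false; // malformed header is never same-origin
        }
        if (u.getScheme() == null || u.getHost() == null) return false;
        return serialize(u.getScheme(), u.getHost(), u.getPort())
                .equals(serialize(scheme, host, port));
    }

    public static void main(String[] args) {
        // Constructed sample values; app.example.test is a placeholder host.
        System.out.println(serialize("https", "app.example.test", 443));
        System.out.println(serialize("https", "app.example.test", 8443));
        System.out.println(isSameOrigin("https://app.example.test", "https", "app.example.test", 443));
        System.out.println(isSameOrigin("http://app.example.test", "https", "app.example.test", 443));
    }
}
```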