Author: remm Date: Mon May 22 14:55:01 2017 New Revision: 1795813 URL: http://svn.apache.org/viewvc?rev=1795813&view=rev Log: BZ61101: CORS filter should set Vary header in response. Submitted by Rick Riemer.
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1795813&r1=1795812&r2=1795813&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Mon May 22 14:55:01 2017 @@ -277,6 +277,10 @@ public class CorsFilter extends GenericF exposedHeadersString); } + // Indicate the response depends on the origin + response.addHeader(CorsFilter.REQUEST_HEADER_VARY, + CorsFilter.REQUEST_HEADER_ORIGIN); + // Forward the request down the filter chain. filterChain.doFilter(request, response); } @@ -966,6 +970,13 @@ public class CorsFilter extends GenericF "Access-Control-Allow-Headers"; // -------------------------------------------------- CORS Request Headers + + /** + * The Vary header indicates allows disabling proxy caching by indicating + * the the response depends on the origin. + */ + public static final String REQUEST_HEADER_VARY = "Vary"; + /** * The Origin header indicates where the cross-origin request or preflight * request originates from. Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1795813&r1=1795812&r2=1795813&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon May 22 14:55:01 2017 @@ -57,6 +57,10 @@ <code>o.a.c.connector.CoyoteAdapter#parseSessionCookiesId</code>. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg) </fix> + <fix> + <bug>61101</bug>: CORS filter should set Vary header in response. + Submitted by Rick Riemer. (remm) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org