svn commit: r1795813 - in /tomcat/trunk: java/org/apache/catalina/filters/CorsFilter.java webapps/docs/changelog.xml

Mon, 22 May 2017 07:55:15 -0700 

Author: remm
Date: Mon May 22 14:55:01 2017
New Revision: 1795813

URL: http://svn.apache.org/viewvc?rev=1795813&view=rev
Log:
BZ61101: CORS filter should set Vary header in response. Submitted by Rick 
Riemer.

Modified:
    tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1795813&r1=1795812&r2=1795813&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Mon May 22 
14:55:01 2017
@@ -277,6 +277,10 @@ public class CorsFilter extends GenericF
                     exposedHeadersString);
         }
 
+        // Indicate the response depends on the origin
+        response.addHeader(CorsFilter.REQUEST_HEADER_VARY,
+                CorsFilter.REQUEST_HEADER_ORIGIN);
+
         // Forward the request down the filter chain.
         filterChain.doFilter(request, response);
     }
@@ -966,6 +970,13 @@ public class CorsFilter extends GenericF
             "Access-Control-Allow-Headers";
 
     // -------------------------------------------------- CORS Request Headers
+
+    /**
+     * The Vary header indicates allows disabling proxy caching by indicating
+     * the the response depends on the origin.
+     */
+    public static final String REQUEST_HEADER_VARY = "Vary";
+
     /**
      * The Origin header indicates where the cross-origin request or preflight
      * request originates from.

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1795813&r1=1795812&r2=1795813&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon May 22 14:55:01 2017
@@ -57,6 +57,10 @@
         <code>o.a.c.connector.CoyoteAdapter#parseSessionCookiesId</code>.
         Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
       </fix>
+      <fix>
+        <bug>61101</bug>: CORS filter should set Vary header in response.
+        Submitted by Rick Riemer. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to