On 30/11/11 15:21, Benson Margulies wrote:
In many cases, http://www.w3.org/TR/cors/#resource-preflight-requests
calls for the service to note the presence of an invalid header
differently from no header at all.
Have we got any way to keep track of this? or do we already reject
requests with 'imparsible' headers?
You can get
@Context HttpHeaders injected in the filter and check the headers.
The only headers which are always checked on every request are
Content-Type and Accept and if those are invalid then an error HTTP
status will be returned. Conditional headers may be checked optionally
but other custom headers are just copied/returned as is if they are
requested
Cheers, Sergey
