Author: markt
Date: Mon Jul 9 12:58:35 2018
New Revision: 1835421
URL: http://svn.apache.org/viewvc?rev=1835421&view=rev
Log:
Cache correctness for OPTIONS requests that pass through the CORS filter.
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1835421&r1=1835420&r2=1835421&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Mon Jul 9
12:58:35 2018
@@ -152,6 +152,16 @@ public class CorsFilter extends GenericF
// associated headers) will depend on the origin.
ResponseUtil.addVaryFieldName(response,
CorsFilter.REQUEST_HEADER_ORIGIN);
+ if ("OPTIONS".equals(request.getMethod())) {
+ // For any OPTIONS request, the response will vary based on the
+ // value or absence of the following headers. Hence they need be be
+ // included in the Vary header.
+ ResponseUtil.addVaryFieldName(response,
+ CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
+ ResponseUtil.addVaryFieldName(response,
+ CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
+ }
+
// Determines the CORS request type.
CorsFilter.CORSRequestType requestType = checkRequestType(request);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
