This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e610e31376 Send fewer CORS-related headers when CORS is not actually
being engaged.
e610e31376 is described below
commit e610e313765a9724bbba9ca8ceb6f14af9ae9782
Author: Christopher Schultz <[email protected]>
AuthorDate: Fri Sep 22 12:23:00 2023 -0400
Send fewer CORS-related headers when CORS is not actually being engaged.
---
java/org/apache/catalina/filters/CorsFilter.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/filters/CorsFilter.java
b/java/org/apache/catalina/filters/CorsFilter.java
index 6c9d1f3373..33f5d9d59d 100644
--- a/java/org/apache/catalina/filters/CorsFilter.java
+++ b/java/org/apache/catalina/filters/CorsFilter.java
@@ -321,7 +321,11 @@ public class CorsFilter extends GenericFilter {
private void handleNonCORS(final HttpServletRequest request, final
HttpServletResponse response,
final FilterChain filterChain) throws IOException,
ServletException {
- addStandardHeaders(request, response);
+ if (!isAnyOriginAllowed()) {
+ // If only specific origins are allowed, the response will vary by
+ // origin
+ ResponseUtil.addVaryFieldName(response,
CorsFilter.REQUEST_HEADER_ORIGIN);
+ }
// Let request pass.
filterChain.doFilter(request, response);
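Review bot: The comment inside the new `if (!isAnyOriginAllowed())` block in handleNonCORS says the response will vary by origin, but it does not say why a request that never engages CORS still needs the header. Consider expanding it to state the caching reason: when only specific origins are allowed, a shared cache that stored this response without `Vary: Origin` could later serve it to a cross-origin request for the same URL, which would then be missing the CORS response headers it should have received. Since the call to addStandardHeaders(request, response) is dropped from this path and the commit touches only CorsFilter.java, it would also help to add a test asserting that a non-CORS response carries the Vary entry only when isAnyOriginAllowed() is false, and that nothing downstream relied on the headers addStandardHeaders used to set here.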