[Bug 57724] CorsFilter does not work correctly if the "origin" has the same value with the "host"

bugzilla Wed, 18 Mar 2015 08:48:06 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=57724


Jack Zhang <wenjiezhang2...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |---
             Status|RESOLVED                    |REOPENED

--- Comment #3 from Jack Zhang <wenjiezhang2...@gmail.com> ---
Hi Mark,

Thanks for the quick reply.

I do not know why Chrome team wants to handle this case differently from the
other browser. But based on the IETF
specification(http://tools.ietf.org/html/rfc6454#section-7.3), the user agent
can include the "origin" in any of the HTTP request. So it is definitely unfair
to check only the existence of this element.

Thanks,
Jack

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57724] CorsFilter does not work correctly if the "origin" has the same value with the "host"

Reply via email to