https://bz.apache.org/bugzilla/show_bug.cgi?id=63938
Bug ID: 63938
Summary: CORS filter adds headers to non-CORS request
Product: Tomcat 9
Version: 9.0.x
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: micha...@apache.org
Target Milestone: -----
When the CorsFilter identifies a request as NOT_CORS, #handleNonCORS() still
calls #addStandardHeaders() and invokes filterChain.
While is not particularly wrong, the identified request is has no "Origin"
header and still serving those standard reponse headers is a waste of bytes w/o
any value to the client. One caveat I see is that a local origin request is
identified as NOT_CORS for some reason altough an "Origin" header has been
provided.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
