https://bz.apache.org/bugzilla/show_bug.cgi?id=63938
Bug ID: 63938 Summary: CORS filter adds headers to non-CORS request Product: Tomcat 9 Version: 9.0.x Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: micha...@apache.org Target Milestone: ----- When the CorsFilter identifies a request as NOT_CORS, #handleNonCORS() still calls #addStandardHeaders() and invokes filterChain. While is not particularly wrong, the identified request is has no "Origin" header and still serving those standard reponse headers is a waste of bytes w/o any value to the client. One caveat I see is that a local origin request is identified as NOT_CORS for some reason altough an "Origin" header has been provided. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org