author | Simone Bordet | 2009-11-19 10:32:09 +0000 |
---|---|---|
committer | Simone Bordet | 2009-11-19 10:32:09 +0000 |
commit | 28102e6cea273c3f8ae51a4a51f6e20c3c18e3e1 (patch) | |
tree | 554a101cb264f4c00405d0b7e2ce8f6731da4b89 | |
parent | 4bb4112521d1abe3ef0b4714b8f4058f28421b88 (diff) | |
Fix for #295562: CrossOriginFilter does not work with default values in Chrome and Safari.
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1072 7e9141cc-0065-0410-87d8-b60c137991c4
-rw-r--r-- | VERSION.txt | 1 | ||||
-rw-r--r-- | jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java | 5 |
2 files changed, 3 insertions, 3 deletions
diff --git a/VERSION.txt b/VERSION.txt index 26f848c2be..527562485c 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -41,6 +41,7 @@ jetty-7.0.1.v20091117 17 November 2009 + 294345 Support for HTTP/301 + HTTP/302 response codes + CVE-2009-3555 Prevent SSL renegotiate for SSL vulnerability + 295421 Cannot reset() a newly created HttpExchange: IllegalStateException 0 => 0 + + 295562 CrossOriginFilter does not work with default values in Chrome and Safari jetty-7.0.0.v20091005 5 October 2009 291340 Race condition in onException() notifications diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java index cbc41847df..5748acf3a8 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java @@ -18,7 +18,6 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; - import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -128,7 +127,7 @@ public class CrossOriginFilter implements Filter allowedMethods.addAll(Arrays.asList(allowedMethodsConfig.split(","))); String allowedHeadersConfig = config.getInitParameter(ALLOWED_HEADERS_PARAM); - if (allowedHeadersConfig == null) allowedHeadersConfig = "X-Requested-With"; + if (allowedHeadersConfig == null) allowedHeadersConfig = "X-Requested-With,Content-Type,Accept"; allowedHeaders.addAll(Arrays.asList(allowedHeadersConfig.split(","))); String preflightMaxAgeConfig = config.getInitParameter(PREFLIGHT_MAX_AGE_PARAM); @@ -265,7 +264,7 @@ public class CrossOriginFilter implements Filter boolean headerAllowed = false; for (String allowedHeader : allowedHeaders) { - if (header.equalsIgnoreCase(allowedHeader)) + if (header.trim().equalsIgnoreCase(allowedHeader.trim())) { headerAllowed = true; break; |
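Review bot: The widened default on the `allowedHeadersConfig == null` line changes what every deployment without an explicit allowed-headers init parameter accepts in a preflight, and the line carries no comment saying why or what it permits. Allowing `Content-Type` lets an allowed origin send request bodies with non-simple media types such as JSON, so I would add `// Content-Type also admits non-simple body types from allowed origins; narrow this via the init parameter if unneeded` above it. The documented default for this parameter, if the class Javadoc states one, is outside the hunk and should be checked against the new value. The enclosing method starts and ends outside the hunk.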
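Review bot: Calling `trim()` on both sides inside the comparison loop repairs the match but leaves the untrimmed entries in `allowedHeaders`, so any other use of that list (for example echoing it in a response header, which is not visible here) still sees the stray whitespace, and the trimming is repeated for every requested header on every preflight. Normalising once where the configuration is split would be tighter, e.g. `for (String h : allowedHeadersConfig.split(",")) if (h.trim().length() > 0) allowedHeaders.add(h.trim());`, leaving only `header.trim()` here. That also drops blank configured entries, which after this change trim to the empty string and would match an empty token in the requested header list. The loop and its method start and end outside the hunk.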