[CXF-3994] CORS filter looks at too many headers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Problem
Affects Version/s: 2.5.1
Fix Version/s: 2.5.1
Component/s: JAX-RS
Labels:
None

Estimated Complexity:
Unknown

Description

The org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter should not look at 'agent headers' such as Origin or Cookies. Currently, it looks at them, and will reject a preflight one isn't listed in the list of permitted headers.

Attachments

Activity

People

Assignee:: Benson Margulies

Reporter:: Benson Margulies

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Dec/11 22:58

Updated:: 07/Feb/12 21:50

Resolved:: 22/Dec/11 02:38