Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.6
-
None
-
firefox
-
Unknown
Description
When a CORS request header send with a comma delimited list of values without whitespace, the regexp:
{private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",\\w*");}consumes (part of) the next item in the list.
The offending header in my case is (on a HTTP OPTIONS pre-flight check)
Access-Control-Request-Headers: authorization,content-type
which is eventually returned to the browser as:
Access-Control-Allow-Headers: authorization, -type
The result of which is Firefox refusing the cross-domain POST request following this OPTIONS check
i couldn't find a reason why the
{\\w*}part should be part of a comma splitting regexp, changing the regexp to
{"," , ",\\b*" or ",\\s"}fixed the problem for me and would seem more logical to me (but i'm not too familiar with the ins and out of CXF)