Details
Description
The CrossOriginResourceSharingFilter is not handled correctly the header field name comparison (ex: method effectiveAllowHeaders).
On RFC 2616, "Hypertext Transfer Protocol – HTTP/1.1", 4.2, "Message Headers":
Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.
Even http://www.w3.org/TR/cors points that on 3. "Terminology" (ASCII case-insensitive match).