Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5598

Header field name comparison not correct in CrossOriginResourceSharingFilter

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      The CrossOriginResourceSharingFilter is not handled correctly the header field name comparison (ex: method effectiveAllowHeaders).
      On RFC 2616, "Hypertext Transfer Protocol – HTTP/1.1", 4.2, "Message Headers":

      Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.

      .

      Even http://www.w3.org/TR/cors points that on 3. "Terminology" (ASCII case-insensitive match).

        Attachments

          Activity

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              antonio_sargento Antonio Sargento
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: