[CXF-5598] Header field name comparison not correct in CrossOriginResourceSharingFilter - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.10
Fix Version/s: 2.7.11, 2.6.14, 3.0
Component/s: JAX-RS, JAX-RS Security
Labels:
- cors

Estimated Complexity:
Unknown

Description

The CrossOriginResourceSharingFilter is not handled correctly the header field name comparison (ex: method effectiveAllowHeaders).
On RFC 2616, "Hypertext Transfer Protocol – HTTP/1.1", 4.2, "Message Headers":

Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.

Even http://www.w3.org/TR/cors points that on 3. "Terminology" (ASCII case-insensitive match).

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Antonio Sargento

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Mar/14 14:05

Updated:: 11/Jul/14 12:51

Resolved:: 11/Mar/14 12:57