Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5598

Header field name comparison not correct in CrossOriginResourceSharingFilter

    XMLWordPrintableJSON

Details

    • Unknown

    Description

      The CrossOriginResourceSharingFilter is not handled correctly the header field name comparison (ex: method effectiveAllowHeaders).
      On RFC 2616, "Hypertext Transfer Protocol – HTTP/1.1", 4.2, "Message Headers":

      Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.

      .

      Even http://www.w3.org/TR/cors points that on 3. "Terminology" (ASCII case-insensitive match).

      Attachments

        Activity

          People

            sergey_beryozkin Sergey Beryozkin
            antonio_sargento Antonio Sargento
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: