From 52382ebfbce20a98b01cd9d37184a12703987a5a Mon Sep 17 00:00:00 2001 From: Remy Maucherat Date: Mon, 22 May 2017 15:00:35 +0000 Subject: [PATCH] BZ61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1795816 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/catalina/filters/CorsFilter.java | 11 +++++++++++ webapps/docs/changelog.xml | 8 ++++++++ 2 files changed, 19 insertions(+) diff --git a/java/org/apache/catalina/filters/CorsFilter.java b/java/org/apache/catalina/filters/CorsFilter.java index e8297d630f89..4aa7a0071278 100644 --- a/java/org/apache/catalina/filters/CorsFilter.java +++ b/java/org/apache/catalina/filters/CorsFilter.java @@ -297,6 +297,10 @@ protected void handleSimpleCORS(final HttpServletRequest request, exposedHeadersString); } + // Indicate the response depends on the origin + response.addHeader(CorsFilter.REQUEST_HEADER_VARY, + CorsFilter.REQUEST_HEADER_ORIGIN); + // Forward the request down the filter chain. filterChain.doFilter(request, response); } @@ -998,6 +1002,13 @@ public Collection getAllowedHttpHeaders() { "Access-Control-Allow-Headers"; // -------------------------------------------------- CORS Request Headers + + /** + * The Vary header indicates allows disabling proxy caching by indicating + * the the response depends on the origin. + */ + public static final String REQUEST_HEADER_VARY = "Vary"; + /** * The Origin header indicates where the cross-origin request or preflight * request originates from. diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b3ef741fd3e1..434e47f55c54 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -58,6 +58,14 @@ issues do not "pop up" wrt. others). -->
+ + + + 61101: CORS filter should set Vary header in response. + Submitted by Rick Riemer. (remm) + + +