From 67b077847ad1d360585bbeea30afa9e8432b5480 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Mon, 9 Oct 2023 20:00:16 +0200 Subject: [PATCH] Issue #9777 - CrossOriginFilter does not return Vary header on no-cors mode. Modified the fix introduced by #9779 to avoid usage of Jetty server classes, so that the CrossOriginFilter can be deployed in any web application. Signed-off-by: Simone Bordet --- .../org/eclipse/jetty/servlets/CrossOriginFilter.java | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java index 817c46dbbe1f..9c3053cd6881 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java @@ -31,10 +31,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.eclipse.jetty.http.HttpField; -import org.eclipse.jetty.http.HttpHeader; -import org.eclipse.jetty.http.PreEncodedHttpField; -import org.eclipse.jetty.server.Response; import org.eclipse.jetty.util.StringUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -153,7 +149,6 @@ public class CrossOriginFilter implements Filter private static final List SIMPLE_HTTP_METHODS = Arrays.asList("GET", "POST", "HEAD"); private static final List DEFAULT_ALLOWED_METHODS = Arrays.asList("GET", "POST", "HEAD"); private static final List DEFAULT_ALLOWED_HEADERS = Arrays.asList("X-Requested-With", "Content-Type", "Accept", "Origin"); - private static final HttpField VARY_ORIGIN = new PreEncodedHttpField(HttpHeader.VARY, HttpHeader.ORIGIN.asString()); private boolean anyOriginAllowed; private boolean anyTimingOriginAllowed; @@ -274,10 +269,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha private void handle(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { - if (response instanceof Response) - ((Response)response).getHttpFields().add(VARY_ORIGIN); - else - response.addHeader(VARY_ORIGIN.getName(), VARY_ORIGIN.getValue()); + response.addHeader("Vary", ORIGIN_HEADER); String origin = request.getHeader(ORIGIN_HEADER); // Is it a cross origin request ? if (origin != null && isEnabled(request))