Magnolia / MAGNOLIA-8589

CorsResponseFilter failure when Access-Control-Request-Headers has multiple values


Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • 6.3.0, 6.2.40
    • 6.2.25
    • None
    • None

    Description

      Steps to reproduce

      1. Configure, at site level, a CORS configuration that allows multiple header values.
      2. Perform a REST call setting a multi-valued header "Access-Control-Request-Headers" with some of the previous values.

      Expected results

      The call is executed without complications, depending on the headers being allowed or not.

      Actual results

      If the header is multivalued, the following error is always thrown: 
      CORS failed due to: Some of the request headers [x-pingother,x-requested-with] are not allowed

      Workaround

      At the moment, it seems that setting the "Access-Control-Request-Headers" header once for each wanted value allows the filter to work.

      Development notes

      The issue seems to be in the areHeadersAllowed method of the CorsResponseFilter class.

      The final Set<String> requestHeaders parameter of the areHeadersAllowed method should also be able to contain multivalued headers.
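
The sketch below is an added example, not Magnolia's code: it shows how a comma-separated Access-Control-Request-Headers value can be split into individual field names before the allow-list check, while still rejecting any name that is not allowed. The class CorsHeaderCheck, the helper normalize, the naive variant (an assumed illustration of the failure mode) and the allowed-header values are all hypothetical; only the name areHeadersAllowed comes from the issue.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

public class CorsHeaderCheck {

    // Assumed failure mode: each raw header value is treated as one field name,
    // so "x-pingother,x-requested-with" is compared as a single string.
    static boolean areHeadersAllowedNaive(Set<String> allowed, Collection<String> rawValues) {
        return allowed.containsAll(rawValues);
    }

    // Split every value on commas, trim whitespace, lower-case (HTTP field
    // names are case-insensitive) and drop empty tokens.
    static Set<String> normalize(Collection<String> rawValues) {
        return rawValues.stream()
                .flatMap(v -> Arrays.stream(v.split(",")))
                .map(s -> s.trim().toLowerCase(Locale.ROOT))
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toCollection(LinkedHashSet::new));
    }

    // Every requested name must be on the allow-list; one unknown name fails the check.
    static boolean areHeadersAllowed(Set<String> allowed, Collection<String> rawValues) {
        return normalize(allowed).containsAll(normalize(rawValues));
    }

    public static void main(String[] args) {
        // Constructed sample configuration and requests.
        Set<String> allowed = Set.of("x-pingother", "x-requested-with", "content-type");
        List<String> combined = List.of("x-pingother,x-requested-with");  // one header, two names
        List<String> repeated = List.of("x-pingother", "x-requested-with"); // workaround form
        List<String> mixed = List.of("X-PingOther, x-not-configured");     // one name not allowed

        System.out.println("naive, combined:  " + areHeadersAllowedNaive(allowed, combined));
        System.out.println("naive, repeated:  " + areHeadersAllowedNaive(allowed, repeated));
        System.out.println("split, combined:  " + areHeadersAllowed(allowed, combined));
        System.out.println("split, repeated:  " + areHeadersAllowed(allowed, repeated));
        System.out.println("split, mixed:     " + areHeadersAllowed(allowed, mixed));
    }
}
```

The naive check accepts only the repeated-header form, which matches the workaround above; the splitting check accepts both forms and still rejects the request that names a header outside the allow-list.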

              People

                anh.vu Anh Vu
                rgaona Roberto Gaona
                DeveloperX