Details
-
Bug
-
Resolution: Fixed
-
Neutral
-
6.2.25
-
None
-
None
-
Empty show more show less
-
DevX 47
-
2
-
Yes
Description
Steps to reproduce
- Configure on site level some CORS configuration to allow multiple header values.Â
- Perform a REST call setting a multi-valued header "Access-Control-Request-Headers" with some of the previous values.
Expected results
The call is executed without complications, depending on the headers being allowed or not.
Actual results
If the header is multivalued, the following error is always thrown:Â
CORS failed due to: Some of the request headers [x-pingother,x-requested-with] are not allowed
Workaround
At the moment, it seems like setting the header "Access-Control-Request-Headers" once for each wanted value, allows the filter to work.
Development notes
The issue seems to be on the areHeadersAllowed method from the CorsResponseFilter class.
The final Set<String> requestHeaders parameter of the areHeadersAllowed method should also be able to contain multivalued headers.
Checklists
Acceptance criteria
Attachments
Issue Links
- mentioned in
-
Page Loading...
There are no Sub-Tasks for this issue.