Skip to content

Fixed an issue with mixed-case headers not being matched correctly in CORS#2866

Closed
giovannicalo wants to merge 1 commit intohapijs:masterfrom
giovannicalo:master
Closed

Fixed an issue with mixed-case headers not being matched correctly in CORS#2866
giovannicalo wants to merge 1 commit intohapijs:masterfrom
giovannicalo:master

Conversation

@giovannicalo
Copy link
Copy Markdown
Contributor

@giovannicalo giovannicalo commented Oct 21, 2015

After the CORS rework, headers seem to be matched in a case-sensitive way.
Therefore, even if a header is allowed...

cors: {
    additionalHeaders: [
        "X-Requested-With"
    ]
}

... and the browser sends it (with a different case)...

Access-Control-Request-Headers: x-requested-with

... it won't match, thus causing the CORS preflight request to fail.

This fixes it.

The horrible blank lines are there to please the linter.
Feel free to rewrite it differently.

@hueniverse hueniverse added the bug Bug or defect label Oct 21, 2015
@hueniverse hueniverse self-assigned this Oct 21, 2015
@hueniverse hueniverse added this to the 11.0.2 milestone Oct 21, 2015
@hueniverse
Copy link
Copy Markdown
Contributor

hueniverse commented Oct 21, 2015

Thanks. Did it a bit differently to make runtime faster.

@lock
Copy link
Copy Markdown

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@hueniverse hueniverse

Labels

bug Bug or defect

Projects

None yet

Milestone

11.0.2

Development

Successfully merging this pull request may close these issues.

2 participants

@giovannicalo @hueniverse