When handling OPTION calls ignore both 'Date' and 'Allow' headers

to decide if call has been handeled If not, no OPTION calls will be passed down to the rack app due to the fact that some implementations of DefaultServlet (i.e. Jetty) also sets 'Date' Fixes jruby#205
headius · Aug 2, 2017 · 91d7d30 · 91d7d30
1 parent 91efe06
commit 91d7d30
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/src/main/java/org/jruby/rack/servlet/ResponseCapture.java b/src/main/java/org/jruby/rack/servlet/ResponseCapture.java
@@ -12,8 +12,11 @@
 import java.io.PrintWriter;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
@@ -230,12 +233,14 @@ public boolean isHandled(final HttpServletRequest request) {
                     // not to happen but there's all kind of beasts out there
                     return false;
                 }
+                // Tomcat's DefaultServlet sets 'Allow' header but Jetty also sets the 'Date' header with its servlet
+                // ... if any other headers occur beside 'Allow' and 'Date' we consider this request handled
                 for ( final String headerName : headerNames ) {
-                    if ( ! "Allow".equals( headerName ) ) {
-                        return handled = true; // not just Allow header - consider handled
+                    if ( ! "Allow".equals( headerName ) || ! "Date".equals( headerName ) ) {
+                        return handled = true;
                     }
                 }
-                return false; // OPTIONS with only Allow header set - unhandled
+                return false; // OPTIONS with only 'Allow' (and/or 'Date') header set - unhandled
             }
             return handled = true;
         }

diff --git a/src/spec/ruby/rack/servlet/response_capture_spec.rb b/src/spec/ruby/rack/servlet/response_capture_spec.rb
@@ -65,6 +65,16 @@
     expect( response_capture.isHandled(servlet_request) ).to be false
   end
 
+  it "is not considered handled when only Allow or Date header is added with OPTIONS" do
+    servlet_request.method = 'OPTIONS'
+
+    # NOTE: Jetty sets both Date and Allow in DefaultServlet#doOptions
+    response_capture.addHeader "Allow", "GET, POST, OPTIONS"
+    response_capture.addHeader "Date", Time.now.httpdate
+
+    expect( response_capture.isHandled(servlet_request) ).to be false
+  end
+
   it "is considered handled when more than Allow header is added with OPTIONS" do
     pending "need Servlet API 3.0" unless servlet_30?
 
@@ -100,4 +110,4 @@ def servlet_30?
     Java::JavaClass.for_name('javax.servlet.AsyncContext') rescue nil
   end
 
-end
+end