diff options
author | Morten Tokle <mortent@yahooinc.com> | 2022-10-25 13:18:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-25 13:18:38 +0200 |
commit | 7c984e2ea7240dd6b491472c71ed5732a5bc8105 (patch) | |
tree | 4f964fd99a707ff0243a4ef2f815bed8cca08252 | |
parent | 70026cc89de5a1586f7b70e261d0f09c437a2263 (diff) | |
parent | 98a0d7cff2e297e7e6fb04ba9b9b5ba8cc0526a3 (diff) |
Merge pull request #24571 from vespa-engine/mortent/prevent-api-cachingv8.74.15
Prevent browser API caching MERGEOK
2 files changed, 1 insertions, 2 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java index fd9c558f97b..e261f420e1c 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java @@ -22,7 +22,7 @@ class CorsLogic { "Okta-Access-Token,Okta-Refresh-Token,Vespa-Csrf-Token", "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST,PATCH", "Access-Control-Allow-Credentials", "true", - "Vary", "Origin" + "Vary", "*" ); static Map<String, String> createCorsResponseHeaders(String requestOriginHeader, diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java index 0059fcf1d25..520e22de136 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java @@ -20,6 +20,5 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter { response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Frame-Options", "DENY"); response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin"); - response.setHeader("Vary", "*"); } } |