Allow 'Vespa-Csrf-Token' header

author: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-09-26 12:01:44 +0200
committer: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-09-26 12:01:44 +0200
commit: 7ef92d2fff4461b186a423ff34ee5975058d3c4f (patch)
tree: 74251bea99c774c1785751a0a546c477583f297d /jdisc-security-filters
parent: 1c1ec5121a89c63a49ece4f1e8e84af1149c0c29 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index 1ff76fd45ac..fd9c558f97b 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -18,7 +18,8 @@ class CorsLogic {
 
     static final Map<String, String> ACCESS_CONTROL_HEADERS = Map.of(
             "Access-Control-Max-Age", CORS_PREFLIGHT_REQUEST_CACHE_TTL,
-            "Access-Control-Allow-Headers", "Origin,Content-Type,Accept,Yahoo-Principal-Auth,Okta-Identity-Token,Okta-Access-Token,Okta-Refresh-Token",
+            "Access-Control-Allow-Headers", "Origin,Content-Type,Accept,Yahoo-Principal-Auth,Okta-Identity-Token," +
+                    "Okta-Access-Token,Okta-Refresh-Token,Vespa-Csrf-Token",
             "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST,PATCH",
             "Access-Control-Allow-Credentials", "true",
             "Vary", "Origin"
author	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-09-26 12:01:44 +0200
committer	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-09-26 12:01:44 +0200
commit	7ef92d2fff4461b186a423ff34ee5975058d3c4f (patch)
tree	74251bea99c774c1785751a0a546c477583f297d /jdisc-security-filters
parent	1c1ec5121a89c63a49ece4f1e8e84af1149c0c29 (diff)