summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java2
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java1
2 files changed, 1 insertions, 2 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index fd9c558f97b..e261f420e1c 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -22,7 +22,7 @@ class CorsLogic {
"Okta-Access-Token,Okta-Refresh-Token,Vespa-Csrf-Token",
"Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST,PATCH",
"Access-Control-Allow-Credentials", "true",
- "Vary", "Origin"
+ "Vary", "*"
);
static Map<String, String> createCorsResponseHeaders(String requestOriginHeader,
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 0059fcf1d25..520e22de136 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -20,6 +20,5 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("X-Frame-Options", "DENY");
response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
- response.setHeader("Vary", "*");
}
}