diff options
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter')
2 files changed, 1 insertions, 2 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java index fd9c558f97b..e261f420e1c 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java @@ -22,7 +22,7 @@ class CorsLogic { "Okta-Access-Token,Okta-Refresh-Token,Vespa-Csrf-Token", "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST,PATCH", "Access-Control-Allow-Credentials", "true", - "Vary", "Origin" + "Vary", "*" ); static Map<String, String> createCorsResponseHeaders(String requestOriginHeader, diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java index 0059fcf1d25..520e22de136 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java @@ -20,6 +20,5 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter { response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Frame-Options", "DENY"); response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin"); - response.setHeader("Vary", "*"); } } |