From 169b8db69e73d1b7bf2356226912f22dbdbf4003 Mon Sep 17 00:00:00 2001 From: Rhuan Rocha Date: Fri, 9 Jun 2023 01:13:01 -0300 Subject: [PATCH] Fixing the issue #33922 about Access-Control-Expose-Headers Signed-off-by: Rhuan Rocha --- .../vertx/http/runtime/cors/CORSFilter.java | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java index 4cd477c951b8d..43f8077bad39d 100644 --- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java +++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java @@ -176,6 +176,16 @@ public void handle(RoutingContext event) { if (allowedMethods != null) { response.headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMethods); } + + //always set expose headers if present + if (exposedHeaders != null) { + response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders); + } + + if (!isConfiguredWithWildcard(corsConfig.exposedHeaders)) { + response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders); + } + //we check that the actual request matches the allowed methods and headers if (!isMethodAllowed(request.method())) { LOG.debug("Method is not allowed"); @@ -211,15 +221,6 @@ private void handlePreflightRequest(RoutingContext event, String requestedHeader processPreFlightRequestedHeaders(response, requestedHeaders); } - //always set expose headers if present - if (exposedHeaders != null) { - response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders); - } - - if (!isConfiguredWithWildcard(corsConfig.exposedHeaders)) { - response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders); - } - } static boolean isSameOrigin(HttpServerRequest request, String origin) {