From dfd3788712208e40f18352a9eaf3cb3f0ecaecb6 Mon Sep 17 00:00:00 2001 From: Tristan Cavelier <tristan.cavelier@nexedi.com> Date: Mon, 18 Sep 2017 08:31:08 +0000 Subject: [PATCH] erp5_web: add Vary Origin to hateoas This fixes an issue : When we work on two web apps in two different domains but using the same erp5 as storage backend, the allow origin response header was equal to one sole domain for the two web apps. --- bt5/erp5_web/ToolTemplateItem/caching_policy_manager.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bt5/erp5_web/ToolTemplateItem/caching_policy_manager.xml b/bt5/erp5_web/ToolTemplateItem/caching_policy_manager.xml index 9f60eb4de2..f8ce05ba68 100644 --- a/bt5/erp5_web/ToolTemplateItem/caching_policy_manager.xml +++ b/bt5/erp5_web/ToolTemplateItem/caching_policy_manager.xml @@ -263,7 +263,7 @@ </item> <item> <key> <string>_vary</string> </key> - <value> <string>Cookie, Authorization</string> </value> + <value> <string>Cookie, Authorization, Origin</string> </value> </item> </dictionary> </state> -- 2.30.9