add access-control-max-age

inspectIT · Sep 28, 2023 · 37d8cfb · 37d8cfb
1 parent bfc9c63
commit 37d8cfb
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/...ot-core/src/main/java/rocks/inspectit/ocelot/core/exporter/BrowserPropagationServlet.java b/...ot-core/src/main/java/rocks/inspectit/ocelot/core/exporter/BrowserPropagationServlet.java
@@ -56,7 +56,6 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
         if(allowedOrigins.contains("*") || allowedOrigins.contains(origin)) {
             response.setHeader("Access-Control-Allow-Origin", origin);
             response.setHeader("Access-Control-Allow-Methods", "GET");
-            response.setHeader("Access-Control-Allow-Headers", sessionIdHeader);
             response.setHeader("Access-Control-Allow-Credentials", "true");
 
             String sessionID = request.getHeader(sessionIdHeader);
@@ -94,7 +93,6 @@ protected void doPut(HttpServletRequest request, HttpServletResponse response) {
         if(allowedOrigins.contains("*") || allowedOrigins.contains(origin)) {
             response.setHeader("Access-Control-Allow-Origin", origin);
             response.setHeader("Access-Control-Allow-Methods", "PUT");
-            response.setHeader("Access-Control-Allow-Headers", sessionIdHeader);
             response.setHeader("Access-Control-Allow-Credentials", "true");
 
             String sessionID = request.getHeader(sessionIdHeader);
@@ -141,6 +139,7 @@ protected void doOptions(HttpServletRequest request, HttpServletResponse respons
             response.setHeader("Access-Control-Allow-Methods", "GET, PUT");
             response.setHeader("Access-Control-Allow-Headers", sessionIdHeader);
             response.setHeader("Access-Control-Allow-Credentials", "true");
+            response.setHeader("Access-Control-Max-Age", "3600");
             response.setStatus(HttpServletResponse.SC_OK);
         }
         else response.setStatus(HttpServletResponse.SC_FORBIDDEN);