OECORSFilter.responseHeaders vs OpenEdge.Web.WebResponse:Set

Posted by BartMille on 13-Jan-2020 16:10

PAS, OE1173, Redhat Linux

The default response headers are defined in oeablsecurity.properties. These headers are also added to the CORS header "access-control-expose-headers".

I can add my own header in there if I want.

But if I want to add a value to "access-control-expose-headers" in code, the appserver just creates another "access-control-expose-headers".

So my response contains 2 "access-control-expose-headers"-headers.

Isn't there any way to merge these headers?

All Replies

Posted by Michael Jacobs on 13-Jan-2020 18:50

Look at RFC 2616: section 4.2 Message Headers.

The client 'should' combine multiple headers of the same name as long as it can result in a single comma-delimited list. Have you tried this with your client to observe what its implementation does?

What I do know is the CORS filter supplied with the ABL web app will not dynamically look for or merge headers you supply from your application code.
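
Added example (not part of the thread and not OpenEdge code): a client-side check of the RFC 2616 section 4.2 behaviour described above, combining two "access-control-expose-headers" fields into one list and deriving the set of exposed header names. The header names and sample lines are constructed for illustration, and the cross-check assumes a runtime that provides the Fetch API `Headers` class.

```javascript
// Constructed sample: one expose-headers field as a CORS filter might emit it,
// and a second field with the same name added by application code.
const SAMPLE_LINES = [
  "Content-Type: application/json",
  "Access-Control-Expose-Headers: X-Default-One, X-Default-Two",
  "Access-Control-Expose-Headers: X-App-Header, x-default-one",
];

// Split "Name: value" lines; field names are case-insensitive.
function parseLines(lines) {
  return lines
    .map((line) => [line.indexOf(":"), line])
    .filter(([idx]) => idx > 0)
    .map(([idx, line]) => [line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim()]);
}

// RFC 2616 section 4.2: fields with the same name may be combined into one
// "name: v1, v2" field, in order, when the field is defined as a
// comma-separated list (true for Access-Control-Expose-Headers, not Set-Cookie).
function combineFields(lines) {
  const combined = new Map();
  for (const [name, value] of parseLines(lines)) {
    combined.set(name, combined.has(name) ? `${combined.get(name)}, ${value}` : value);
  }
  return combined;
}

// The header names a browser would treat as exposed, de-duplicated.
function exposedHeaders(lines) {
  const raw = combineFields(lines).get("access-control-expose-headers") || "";
  const names = raw.split(",").map((n) => n.trim().toLowerCase()).filter(Boolean);
  return [...new Set(names)];
}

// Cross-check against the runtime's own Headers implementation, which is what
// fetch() hands to client code. Returns null when Headers is unavailable.
function combineWithFetchHeaders(lines) {
  if (typeof Headers === "undefined") return null;
  const headers = new Headers();
  for (const [name, value] of parseLines(lines)) headers.append(name, value);
  return headers.get("access-control-expose-headers");
}

console.log(combineFields(SAMPLE_LINES).get("access-control-expose-headers"));
console.log(exposedHeaders(SAMPLE_LINES));
console.log(combineWithFetchHeaders(SAMPLE_LINES));
```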

Posted by BartMille on 14-Jan-2020 08:52

Thanks for the reply. We're looking into this issue from the client's perspective now.

Was looking server-side, but if I understand you correctly, the server will not merge headers. Nor should it, because multiple headers with the same name aren't forbidden.

Posted by Michael Jacobs on 14-Jan-2020 14:00

Yes, the server's client is responsible for the merging of the response message headers of the same name. The server and its applications should have the option of following the HTTP 1.1 standard.

The expectation of merging multiple headers with the same name when the client sends a message with multiple headers with the same name.  

This thread is closed