Close ESAPI#261.

kwwall · kwwall · commit 436549341d14 · 2016-01-31T13:38:06.000-05:00
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -172,7 +172,7 @@ public void addHeader(String name, String value) {
             String strippedValue = StringUtilities.stripControls(value);
             String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
             String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
+            getHttpServletResponse().addHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
         }

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ public void addHeader(String name, String value) {`
`172`	`172`	`String strippedValue = StringUtilities.stripControls(value);`
`173`	`173`	`String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);`
`174`	`174`	`String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);`
`175`		`- getHttpServletResponse().setHeader(safeName, safeValue);`
	`175`	`+ getHttpServletResponse().addHeader(safeName, safeValue);`
`176`	`176`	`} catch (ValidationException e) {`
`177`	`177`	`logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);`
`178`	`178`	`}`