Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 315190

Summary: CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implementation
Product: [RT] Jetty Reporter: Simone Bordet <simone.bordet>
Component: serverAssignee: Simone Bordet <simone.bordet>
Status: CLOSED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: jetty-inbox, joakim.erdfelt
Version: 7.1.3   
Target Milestone: 7.1.0   
Hardware: All   
OS: All   
Whiteboard:

Description Simone Bordet CLA 2010-06-01 07:56:46 EDT 
The WebSocket implementation implemented by Chrome/Chromium 5 (I tested it using Chromium 5.0.375.55), which is the current stable version, is so strict in parsing the response headers after a WebSocket upgrade request that it does not allow the normal CORS response headers, in particular the "Access-Control-Allow-Origin" response header.

So, while the CrossOriginFilter works as per the CORS spec, a hack should be added to make WebSocket work also in presence of the CrossOriginFilter.
Comment 1 Simone Bordet CLA 2010-06-01 08:00:09 EDT 
Fixed by adding an overloadable method that checks if the request is a WebSocket upgrade request, and if it's the case, disables the filter.
Comment 2 Joakim Erdfelt CLA 2012-12-26 13:43:20 EST 
Resolved -> Closed