315190 – CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implementation

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 315190 - CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implementation

Summary: CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implement...

Status:	CLOSED FIXED

Alias:	None

Product:	Jetty
Classification:	RT
Component:	server (show other bugs)
Version:	7.1.3
Hardware:	All All

Importance:	P3 normal (vote)
Target Milestone:	7.1.0
Assignee:	Simone Bordet
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-06-01 07:56 EDT by Simone Bordet
Modified:	2012-12-26 13:43 EST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Simone Bordet

2010-06-01 07:56:46 EDT

The WebSocket implementation implemented by Chrome/Chromium 5 (I tested it using Chromium 5.0.375.55), which is the current stable version, is so strict in parsing the response headers after a WebSocket upgrade request that it does not allow the normal CORS response headers, in particular the "Access-Control-Allow-Origin" response header.

So, while the CrossOriginFilter works as per the CORS spec, a hack should be added to make WebSocket work also in presence of the CrossOriginFilter.

Comment 1 Simone Bordet

2010-06-01 08:00:09 EDT

Fixed by adding an overloadable method that checks if the request is a WebSocket upgrade request, and if it's the case, disables the filter.

Comment 2 Joakim Erdfelt

2012-12-26 13:43:20 EST

Resolved -> Closed