Skip to content

S
spring-framework

爱吃血肠 / spring-framework

通知 1
Star 0
Fork 0
S
spring-framework

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
  1. 19 2月, 2015 2 次提交
    • S
      Change SockJS and Websocket default allowedOrigins to same origin · 23fa37b0
      Sebastien Deleuze 提交于 
      This commit adds support for a same origin check that compares
Origin header to Host header. It also changes the default setting
from all origins allowed to only same origin allowed.

Issues: SPR-12697, SPR-12685
(cherry picked from commit 6062e155)
      23fa37b0
    • S
      Fix SockJS origin check · cc78d40c
      Sebastien Deleuze 提交于 
      This commit introduces the following changes:
 - Requests without Origin header are not rejected anymore
 - Disable Iframe when allowedOrigins is not empty and not equals to *
 - The Iframe is not cached anymore in order to have a reliable origin check
 - allowedOrigins must not be null or empty
 - allowedOrigins format is now validated (should be * or start by http(s)://)

Issue: SPR-12660
(cherry picked from commit 9b3319b3)
      cc78d40c
  3. 27 10月, 2014 2 次提交
    • R
      Replace "if(" with "if (" · da612d07
      Rossen Stoyanchev 提交于
      da612d07
    • S
      Add an option to set an Origin whitelist for Websocket and SockJS · 743356fa
      Sebastien Deleuze 提交于 
      This commit introduces a new OriginHandshakeInterceptor. It filters
Origin header value against a list of allowed origins.

AbstractSockJsService as been modified to:
 - Reject CORS requests with forbidden origins
 - Disable transport types that does not support CORS when an origin
   check is required
 - Use the Origin request header value instead of "*" for
   Access-Control-Allow-Origin response header value
   (mandatory when  Access-Control-Allow-Credentials=true)
 - Return CORS header only if the request contains an Origin header

It is possible to configure easily this behavior thanks to JavaConfig API
WebSocketHandlerRegistration#addAllowedOrigins(String...) and
StompWebSocketEndpointRegistration#addAllowedOrigins(String...).
It is also possible to configure it using the websocket XML namespace.

Please notice that this commit does not change the default behavior:
cross origin requests are still enabled by default.

Issues: SPR-12226
      743356fa
  5. 21 10月, 2014 1 次提交
  7. 16 7月, 2014 1 次提交
  9. 03 12月, 2013 2 次提交
  11. 27 11月, 2013 1 次提交
    • P
      General polish of new 4.0 classes · 15698860
      Phillip Webb 提交于 
      Apply consistent styling to new classes introduced in Spring 4.0.

- Javadoc line wrapping, whitespace and formatting
- General code whitespace
- Consistent Assert.notNull messages
      15698860
  13. 08 11月, 2013 1 次提交
  15. 02 9月, 2013 1 次提交
    • R
      Polish WebSocket/STOMP Java config · e21bbdd9
      Rossen Stoyanchev 提交于 
      Ensure configuration provided for WebSocketHandler's (eg interceptors,
or HandshakeHandler) are passed on to the SockJsService if congiured.

Better separate Servlet-specific parts of the configuration to make it
more obvious where non-Servlet alternatives could fit in.

Add more tests.

Improve WebSocket integration tests.
      e21bbdd9
  17. 29 8月, 2013 1 次提交
  19. 28 8月, 2013 1 次提交