- 19 Feb, 2015 2 commits
- Committed by Sebastien Deleuze
This commit adds support for a same origin check that compares Origin header to Host header. It also changes the default setting from all origins allowed to only same origin allowed. Issues: SPR-12697, SPR-12685 (cherry picked from commit 6062e155)
- Committed by Sebastien Deleuze
This commit introduces the following changes:
  - Requests without Origin header are not rejected anymore
  - Disable Iframe when allowedOrigins is not empty and not equal to *
  - The Iframe is not cached anymore in order to have a reliable origin check
  - allowedOrigins must not be null or empty
  - allowedOrigins format is now validated (should be * or start with http(s)://)

Issue: SPR-12660 (cherry picked from commit 9b3319b3)
- 27 Oct, 2014 2 commits
- Committed by Rossen Stoyanchev
- Committed by Sebastien Deleuze
This commit introduces a new OriginHandshakeInterceptor. It filters Origin header value against a list of allowed origins. AbstractSockJsService has been modified to:
  - Reject CORS requests with forbidden origins
  - Disable transport types that do not support CORS when an origin check is required
  - Use the Origin request header value instead of "*" for Access-Control-Allow-Origin response header value (mandatory when Access-Control-Allow-Credentials=true)
  - Return CORS header only if the request contains an Origin header

It is possible to easily configure this behavior thanks to JavaConfig API WebSocketHandlerRegistration#addAllowedOrigins(String...) and StompWebSocketEndpointRegistration#addAllowedOrigins(String...). It is also possible to configure it using the websocket XML namespace. Please notice that this commit does not change the default behavior: cross origin requests are still enabled by default.

Issues: SPR-12226
- 21 Oct, 2014 1 commit
- Committed by Juergen Hoeller
- 16 Jul, 2014 1 commit
- Committed by Rossen Stoyanchev
- 03 Dec, 2013 2 commits
- Committed by Juergen Hoeller
Merged web.socket.messaging.config into web.socket.config and introduced web.socket.config.annotation
- Committed by Juergen Hoeller
- 27 Nov, 2013 1 commit
- Committed by Phillip Webb
Apply consistent styling to new classes introduced in Spring 4.0.
  - Javadoc line wrapping, whitespace and formatting
  - General code whitespace
  - Consistent Assert.notNull messages
- 08 Nov, 2013 1 commit
- Committed by Rossen Stoyanchev
The SockJS path is now passed to the SockJsService handleRequest method thus removing the need to guess it. Issue: SPR-11058
- 02 Sep, 2013 1 commit
- Committed by Rossen Stoyanchev
Ensure configuration provided for WebSocketHandler's (e.g. interceptors, or HandshakeHandler) are passed on to the SockJsService if configured. Better separate Servlet-specific parts of the configuration to make it more obvious where non-Servlet alternatives could fit in. Add more tests. Improve WebSocket integration tests.
- 29 Aug, 2013 1 commit
- Committed by Rossen Stoyanchev
Issue: SPR-10835
- 28 Aug, 2013 1 commit
- Committed by Rossen Stoyanchev
Issue: SPR-10835