- 19 2月, 2015 2 次提交
-
-
由 Sebastien Deleuze 提交于
This commit adds support for a same origin check that compares Origin header to Host header. It also changes the default setting from all origins allowed to only same origin allowed. Issues: SPR-12697, SPR-12685 (cherry picked from commit 6062e155)
-
由 Sebastien Deleuze 提交于
This commit introduces the following changes: - Requests without Origin header are not rejected anymore - Disable Iframe when allowedOrigins is not empty and not equals to * - The Iframe is not cached anymore in order to have a reliable origin check - allowedOrigins must not be null or empty - allowedOrigins format is now validated (should be * or start by http(s)://) Issue: SPR-12660 (cherry picked from commit 9b3319b3)
-
- 30 12月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
The following two refinements have been added: 1) SockJS doesn't support binary messages so don't even try 2) don't bother if payload.length == 0 Issue: SPR-12475
-
- 08 12月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
Issue: SPR-12516
-
- 03 12月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
Issue: SPR-12497
-
- 03 11月, 2014 1 次提交
-
-
由 Brian Clozel 提交于
Prior to this change, duplicate SubProtocolHandlers could be registered when configuring STOMP with several registrations: public void registerStompEndpoints (final StompEndpointRegistry registry) { this.endpointRegistry.addEndpoint("/stompOverWebSocket"); this.endpointRegistry.addEndpoint("/stompOverSockJS").withSockJS(); } This commit registers sub-protocols in a Set instead of a list (see SubProtocolWebSocketHandler), thus fixing the issue. Issue: SPR-12403
-
- 01 11月, 2014 1 次提交
-
-
由 Sam Brannen 提交于
-
- 30 10月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
-
- 29 10月, 2014 2 次提交
-
-
由 Rossen Stoyanchev 提交于
-
由 Rossen Stoyanchev 提交于
-
- 27 10月, 2014 3 次提交
-
-
由 Rossen Stoyanchev 提交于
-
由 Sebastien Deleuze 提交于
Issues: SPR-12283
-
由 Sebastien Deleuze 提交于
This commit introduces a new OriginHandshakeInterceptor. It filters Origin header value against a list of allowed origins. AbstractSockJsService as been modified to: - Reject CORS requests with forbidden origins - Disable transport types that does not support CORS when an origin check is required - Use the Origin request header value instead of "*" for Access-Control-Allow-Origin response header value (mandatory when Access-Control-Allow-Credentials=true) - Return CORS header only if the request contains an Origin header It is possible to configure easily this behavior thanks to JavaConfig API WebSocketHandlerRegistration#addAllowedOrigins(String...) and StompWebSocketEndpointRegistration#addAllowedOrigins(String...). It is also possible to configure it using the websocket XML namespace. Please notice that this commit does not change the default behavior: cross origin requests are still enabled by default. Issues: SPR-12226
-
- 24 10月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
This change adds a ChannelInterceptor that flips the immutable flag on messages being sent. This allows components sending messages to leave the message mutable for interceptors to further apply modifications before the message is sent (and exposed to concurrency). The interceptor is automatically added with the STOMP/WebSocket Java and XML config and the StompSubProtocolHandler leaves parsed incoming messages mutable so they can be further modified before being sent. Issue: SPR-12321
-
- 21 10月, 2014 1 次提交
-
-
由 Juergen Hoeller 提交于
-
- 20 10月, 2014 1 次提交
-
-
由 Juergen Hoeller 提交于
Issue: SPR-12340
-
- 14 10月, 2014 2 次提交
-
-
由 Rossen Stoyanchev 提交于
Use explicit flag whether to copy all attributes.
-
由 Sam Brannen 提交于
-
- 13 10月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
The WebSocketMessageBroker config now allows wrapping the SubProtocolWebSocketHandler to enable advanced use cases that may require access to the underlying WebSocketSession. Issue: SPR-12314
-
- 11 10月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
Issue: SPR-12314
-
- 08 10月, 2014 2 次提交
-
-
由 Brian Clozel 提交于
This change adds a new XhrTransport for the SockJs client implementation. This transport is based on `UndertowClient`, Undertow's HTTP client. Note that this transport can be customized with an OptionMap that is used by the Xnio worker backing the I/O communications (see http://xnio.jboss.org). Implementation tested with undertow 1.0.36, 1.1.0.RC3, 1.2.0.Beta1. Issue: SPR-12008
-
由 Brian Clozel 提交于
This change adds a "Vary: Origin" HTTP response header for /info and /iframe SockJS endpoints. This is preventing proxies and browsers from caching a response and reusing it for an invalid Origin. Reference: https://groups.google.com/forum/#!topic/sockjs/svsLWRorSis Issue: SPR-12310
-
- 07 10月, 2014 1 次提交
-
-
由 Juergen Hoeller 提交于
TextMessage.toString() does not throw StringIndexOutOfBoundsException for payload with multibyte characters Issue: SPR-12307
-
- 27 9月, 2014 2 次提交
-
-
由 Juergen Hoeller 提交于
-
由 Brian Clozel 提交于
This commit updates the default location of the SockJS' client library. The previous location is being retired by the project maintainers. The new default location is backed by several CDN providers: * https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js See sockjs/sockjs-client#198 Issue: SPR-12254
-
- 26 9月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
This change uses a ChannelInterceptor (inserted at index 0) to detect when a DISCONNECT message is precluded from being sent on the clientInboundChannel. This can happen if another interceptor allows a runtime exception out from preSend or returns false. It is crucial for such messages to be processed, so when detected they're processed still. Issue: SPR-12218
-
- 20 9月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
The WebSocket messaging namespace now exposes configuration options for custom argument resolvers and return value handlers. Issue: SPR-12217
-
- 19 9月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
Issue: SPR-12215
-
- 04 9月, 2014 1 次提交
-
-
由 Juergen Hoeller 提交于
-
- 26 8月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
Issue: SPR-12091
-
- 22 8月, 2014 1 次提交
-
-
由 Juergen Hoeller 提交于
ServerEndpointExporter can initialize itself based on a late-provided ServletContext as well (for Boot) Also allows for direct setting of a ServerContainer and for custom triggering of endpoint registration. Issue: SPR-12109
-
- 12 8月, 2014 1 次提交
-
-
由 Phillip Webb 提交于
Consistent use of BDDMockito rather than standard Mockito.
-
- 04 8月, 2014 1 次提交
-
-
由 Stephane Nicoll 提交于
-
- 31 7月, 2014 2 次提交
-
-
由 Rossen Stoyanchev 提交于
Before this change the SockJsWebSocketHandler precluded determination of the sub-protocols by wrapping the actual target handler. After this change SockJsWebSocketHandler implements SubProtocolCapable and returns the list of sub-protocols from the wrapped handler.
-
由 Rossen Stoyanchev 提交于
-
- 30 7月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
-
- 24 7月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
Before this change the DefaultHandshakeHandler by default passed the list of requested WebSocket extensions as-is relying on the WebSocket engine to remove those not supported. This change ensures that WebSocket extensions not supported by the runtime are proactively removed instead. This change is preparation for SPR-11094.
-
- 23 7月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
A CloseStatus may not be received if the connection is closed while the client is between XHR polling requests.
-
- 18 7月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
-
- 16 7月, 2014 1 次提交
-
-
由 Rossen Stoyanchev 提交于
-