- 19 Feb, 2015 2 commits
Committed by Sebastien Deleuze
This commit adds support for a same origin check that compares Origin header to Host header. It also changes the default setting from all origins allowed to only same origin allowed. Issues: SPR-12697, SPR-12685 (cherry picked from commit 6062e155)
-
Committed by Sebastien Deleuze
This commit introduces the following changes:
  - Requests without Origin header are not rejected anymore
  - Disable Iframe when allowedOrigins is not empty and not equal to *
  - The Iframe is not cached anymore in order to have a reliable origin check
  - allowedOrigins must not be null or empty
  - allowedOrigins format is now validated (should be * or start with http(s)://)
Issue: SPR-12660 (cherry picked from commit 9b3319b3)
-
- 01 Nov, 2014 1 commit
Committed by Sam Brannen
-
- 27 Oct, 2014 2 commits
Committed by Sebastien Deleuze
Issues: SPR-12283
-
Committed by Sebastien Deleuze
This commit introduces a new OriginHandshakeInterceptor. It filters Origin header value against a list of allowed origins. AbstractSockJsService has been modified to:
  - Reject CORS requests with forbidden origins
  - Disable transport types that do not support CORS when an origin check is required
  - Use the Origin request header value instead of "*" for Access-Control-Allow-Origin response header value (mandatory when Access-Control-Allow-Credentials=true)
  - Return CORS header only if the request contains an Origin header
It is possible to configure easily this behavior thanks to JavaConfig API WebSocketHandlerRegistration#addAllowedOrigins(String...) and StompWebSocketEndpointRegistration#addAllowedOrigins(String...). It is also possible to configure it using the websocket XML namespace. Please notice that this commit does not change the default behavior: cross origin requests are still enabled by default. Issues: SPR-12226
-
- 08 Oct, 2014 1 commit
Committed by Brian Clozel
This change adds a "Vary: Origin" HTTP response header for /info and /iframe SockJS endpoints. This is preventing proxies and browsers from caching a response and reusing it for an invalid Origin. Reference: https://groups.google.com/forum/#!topic/sockjs/svsLWRorSis Issue: SPR-12310
-
- 27 Sep, 2014 2 commits
Committed by Juergen Hoeller
-
Committed by Brian Clozel
This commit updates the default location of the SockJS' client library. The previous location is being retired by the project maintainers. The new default location is backed by several CDN providers: * https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js See sockjs/sockjs-client#198 Issue: SPR-12254
-
- 12 Aug, 2014 1 commit
Committed by Phillip Webb
Consistent use of BDDMockito rather than standard Mockito.
-
- 27 Jun, 2014 2 commits
Committed by Brian Clozel
Issue: SPR-11919
-
Committed by Brian Clozel
Prior to this commit, the ServletResponseHttpHeaders.get method would throw an NPE when used under Wildfly 8.0.0.Final and 8.1.0.Final. This can be traced to WFLY-3474, which throws an NPE when calling HttpServletResponse.getHeaders("foo") and that header has not been defined prior to that. This would cause NPE being thrown by AbstractSockJsService when checking for CORS HTTP headers in the server HTTP response. This commit surrounds that method call in AbstractSockJsService and guards against this issue. Issue: SPR-11919
-
- 06 Mar, 2014 1 commit
Committed by Rossen Stoyanchev
After this change, AbstractSockJsService does not add CORS headers if the response already contains an "Access-Control-Allow-Origin" header. Essentially it backs off assuming CORS headers are handled centrally e.g. through a Filter. In order to support this, the ServletServerHttpResponse now returns an instance of HttpHeaders that also provides access to headers already present in the HttpServletResponse. Issue: SPR-11443
-
- 05 Mar, 2014 1 commit
Committed by Sam Brannen
  - Deleted empty AbstractWebSocketClientTests class.
  - AbstractServletHandlerMethodTests and AbstractHttpRequestTests are now actually declared as abstract.
  - The following classes are not abstract but currently have an "Abstract" prefix and therefore get ignored by the Gradle build. This commit renames each of these by deleting the "Abstract" prefix.
    - AbstractFlashMapManagerTests
    - AbstractMappingContentNegotiationStrategyTests
    - AbstractSockJsServiceTests
    - AbstractWebSocketHandlerRegistrationTests
-
- 22 Jan, 2014 1 commit
Committed by Sam Brannen
-
- 08 Dec, 2013 1 commit
Committed by Juergen Hoeller
Introduced SockJsSession interface and moved SockJsSessionFactory and SockJsServiceConfig to sockjs.transport; added initialize(SockJsServiceConfig) method to TransportHandler interface; extracted TransportHandlingSockJsService from DefaultSockJsService; moved sockjs.support.frame to sockjs.frame and extracted (Default)SockJsFrameFormat from SockJsFrame; moved SockJsHttpRequestHandler to sockjs.support; removed Jackson 1.x support
-
- 08 Nov, 2013 1 commit
Committed by Rossen Stoyanchev
The SockJS path is now passed to the SockJsService handleRequest method thus removing the need to guess it. Issue: SPR-11058
-
- 01 Oct, 2013 1 commit
Committed by Rossen Stoyanchev
Issue: SPR-10923
-
- 27 Sep, 2013 1 commit
Committed by Rossen Stoyanchev
Issue: SPR-10939
-
- 03 Aug, 2013 5 commits
Committed by Rossen Stoyanchev
Add a factory method in ServerHttpRequest for creating a ServerHttpAsyncRequestControl.
-
Committed by Rossen Stoyanchev
See javadoc in SockJsService for details. Also remove ReadOnlyMultiValueMap, CollectionUtils has a method for that already.
-
Committed by Rossen Stoyanchev
The method returning query parameters now returns only query string parameters as opposed to any Servlet request parameter. This commit also adds a ReadOnlyMultiValueMap.
-
Committed by Rossen Stoyanchev
ServerHttpAsyncResponseControl wraps a ServetHttpRequest and -Response pair and allows putting the processing of the request in async mode so that the response remains open until explicitly closed, either from the current or from another thread. ServletServerHttpAsyncResponseControl provides a Servlet-based implementation.
-
Committed by Rossen Stoyanchev
A getCookies method is now available on ServerHttpRequest with one ServletServerCookie implementation that wraps a Servlet cookie. The SockJS service makes use of this to check for an existing session cookie in the request.
-
- 01 Aug, 2013 2 commits
Committed by Rossen Stoyanchev
After this change the top-level sockjs package contains the main types for use in applications.
-
Committed by Rossen Stoyanchev
A SockJS message frame is an array of JSON-encoded messages and before this change the use of the Jackson 2 library was hard-coded. Jackson 2 and Jackson 1.x implementations are provided and automatically used if those libraries are present on the classpath. Issue: SPR-10800
-
- 28 Jun, 2013 1 commit
Committed by Phillip Webb
Minor polish to formatting and assertion messages.
-
- 16 May, 2013 1 commit
Committed by Rossen Stoyanchev
-
- 15 May, 2013 1 commit
Committed by Rossen Stoyanchev
-
- 14 May, 2013 1 commit
Committed by Rob Winch
Issue: SPR-10130
-
- 06 May, 2013 1 commit
Committed by Rossen Stoyanchev
-