|
|
|
@ -37355,6 +37355,25 @@ be cached. For details on how to enable it see the |
|
|
|
|
https://github.com/sockjs/sockjs-client[SockJS client] page. |
|
|
|
|
==== |
|
|
|
|
|
|
|
|
|
[[websocket-fallback-cors]] |
|
|
|
|
==== SockJS and CORS |
|
|
|
|
|
|
|
|
|
The SockJS protocol uses CORS for cross-domain support in the XHR streaming and |
|
|
|
|
XHR polling transports. CORS headers are automatically added to SockJS requests |
|
|
|
|
for transports that require it as well as for the initial `"/info"` request. |
|
|
|
|
|
|
|
|
|
Spring's `SockJsServce` implementation checks for the presence of the CORS |
|
|
|
|
`"Access-Control-Allow-Origin"` header in the response. If present, no new CORS |
|
|
|
|
headers are added, essentially assuming that CORS support is configured |
|
|
|
|
centrally, e.g. through a Servlet Filter. Otherwise the following are added: |
|
|
|
|
|
|
|
|
|
* `"Access-Control-Allow-Origin"` - intitialized from the value of the "origin" request header or "*". |
|
|
|
|
* `"Access-Control-Allow-Credentials"` - always set to `true`. |
|
|
|
|
* `"Access-Control-Request-Headers"` - initialized from values from the equivalent request header. |
|
|
|
|
* `"Access-Control-Allow-Methods"` - the HTTP methods a transport supports (see `TransportType` enum). |
|
|
|
|
* `"Access-Control-Max-Age"` - set to 31536000 (1 year). |
|
|
|
|
|
|
|
|
|
For the exact implementation, see `addCorsHeaders` in `AbstractSockJsService`. |
|
|
|
|
|
|
|
|
|
[[websocket-fallback-sockjs-servlet3-async]] |
|
|
|
|
==== SockJS and Servlet 3 Async Support |
|
|
|
|
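Review bot: The new "SockJS and CORS" section lists `"Access-Control-Allow-Origin"` as initialized from the "origin" request header next to `"Access-Control-Allow-Credentials"` always set to `true`, but never states the consequence: by default every requesting origin is reflected back with credentials allowed. Please add a sentence saying so, and say that applications that need to restrict origins should set CORS headers centrally (the Servlet Filter case the paragraph already mentions), since an existing `"Access-Control-Allow-Origin"` header suppresses these defaults. It is also worth noting that the "*" fallback does not combine with `Access-Control-Allow-Credentials: true`, because browsers reject a wildcard origin on credentialed requests. In the third bullet, `"Access-Control-Request-Headers"` is the name of the request header; a response header "initialized from values from the equivalent request header" would be `"Access-Control-Allow-Headers"`, so please check the name against `addCorsHeaders` and correct whichever side is wrong. Two typos in the added text: `SockJsServce` should be `SockJsService`, and "intitialized" should be "initialized".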