Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimone Bordet2012-01-24 20:21:43 +0000
committerSimone Bordet2012-01-24 20:21:43 +0000
commitcaa325c3ba017abb8a6eb9823742558b7435e582 (patch)
treefd9bf9cbbb27d36ffac276792bef676d44c09ed9
parent45bede6fdaf282c5642e3e379cdd41359e5e2f8d (diff)
downloadorg.eclipse.jetty.project-caa325c3ba017abb8a6eb9823742558b7435e582.tar.gz
org.eclipse.jetty.project-caa325c3ba017abb8a6eb9823742558b7435e582.tar.xz
org.eclipse.jetty.project-caa325c3ba017abb8a6eb9823742558b7435e582.zip
Better check for WebSocket upgrades, since Connection headers may be of the form
Connection: keep-alive, Upgrade.
-rw-r--r--jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java13
1 files changed, 10 insertions, 3 deletions
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
index 67c6e7c5fb..e4242cc7e8 100644
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
@@ -17,6 +17,7 @@ package org.eclipse.jetty.servlets;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -215,10 +216,16 @@ public class CrossOriginFilter implements Filter
{
// WebSocket clients such as Chrome 5 implement a version of the WebSocket
// protocol that does not accept extra response headers on the upgrade response
- if ("Upgrade".equalsIgnoreCase(request.getHeader("Connection")) &&
- "WebSocket".equalsIgnoreCase(request.getHeader("Upgrade")))
+ for (String connection : Collections.<String>list(request.getHeaders("Connection")))
{
- return false;
+ if ("Upgrade".equalsIgnoreCase(connection))
+ {
+ for (String upgrade : Collections.<String>list(request.getHeaders("Upgrade")))
+ {
+ if ("WebSocket".equalsIgnoreCase(upgrade))
+ return false;
+ }
+ }
}
return true;
}

Back to the top