diff options
Diffstat (limited to 'jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java')
-rw-r--r-- | jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java index 7cf2859f75..694267d847 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java @@ -162,7 +162,7 @@ public class CrossOriginFilter implements Filter { String origin = request.getHeader(ORIGIN_HEADER); // Is it a cross origin request ? - if (origin != null) + if (origin != null && isEnabled(request)) { if (originMatches(origin)) { @@ -186,6 +186,18 @@ public class CrossOriginFilter implements Filter chain.doFilter(request, response); } + protected boolean isEnabled(HttpServletRequest request) + { + // WebSocket clients such as Chrome 5 implement a version of the WebSocket + // protocol that does not accept extra response headers on the upgrade response + if ("Upgrade".equalsIgnoreCase(request.getHeader("Connection")) && + "WebSocket".equalsIgnoreCase(request.getHeader("Upgrade"))) + { + return false; + } + return true; + } + private boolean originMatches(String origin) { if (anyOriginAllowed) return true; |