Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5901

Investigate how WebSocket Transport can support CORS

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • JAX-RS, Transports
    • None
    • Unknown

    Description

      AFAIK CORS requirements can be enforced by compliant WebSocket implementations such as Atmosphere and that any secure WebSocket server should be capable of implementing CORS filters.

      The question is: can we reuse CXF JAX-RS CORS filters when working with web sockets and when we need to worry about it. I guess it is only an upgrade request issue, once the upgrade is done using a wss protocol we have a secure channel in place.

      If so then CXF filters will likely do as they will reject the initial upgraded request if it does not meet the CORS restrictions, but the transport may need to discard the upgraded connection in such cases.

      Attachments

        Activity

          People

            Unassigned Unassigned
            sergey_beryozkin Sergey Beryozkin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: