activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dejan Bosanac <de...@nighttale.net>
Subject Re: STOMP/Websockets and CORS
Date Tue, 06 Aug 2013 09:02:49 GMT
Hi,

yes by default web socket spec defines same-origin policy and it's enforced
by web server (Jetty in this case). I just found out that there's a filter
that can be used to avoid this

http://wiki.eclipse.org/Jetty/Feature/Cross_Origin_Filter

so maybe we can make it configurable.

Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
FuseSource is now part of Red Hat
dbosanac@redhat.com
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/


On Fri, Aug 2, 2013 at 11:29 PM, Christian Posta
<christian.posta@gmail.com>wrote:

> Paddy, can you confirm CORS is indeed not allowed with the current
> implementation?
> I peeked at the code really quick and I don't see anything specific to same
> origin policy configurations, but if you confirm it cannot be done
> currently, then open a jira and we can get that in there.
>
>
> On Fri, Aug 2, 2013 at 1:43 PM, Paddy Carman <paddy.carman@gmail.com>
> wrote:
>
> > Hi -
> >     I'm trying to connect to a broker that is in a different domain than
> > where my web app is originating from. Following is what I read from the
> > ActiveMQ documentation:
> > One thing worth noting is that web sockets (just as Ajax) implements
> > the*same
> > origin policy*, so you can access only brokers running on the same host
> as
> > the web application running the client.
> >
> > Question: Is there a way to get around this?
> >
> > -PC
> >
>
>
>
> --
> *Christian Posta*
> http://www.christianposta.com/blog
> twitter: @christianposta
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message