tomcat-dev mailing list archives

From Rémy Maucherat <r...@apache.org>
Subject Re: svn commit: r1642721 - /tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
Date Mon, 01 Dec 2014 21:52:39 GMT
2014-12-01 22:00 GMT+01:00 Mark Thomas <markt@apache.org>:

> This is an improvement since it is not just the scheme, host and port
> but it still reflects the connection being made to WebSocket rather than
> the Origin of the request. I don't see how the WebSocketContainer can
> possibly determine what the origin is. It has to rely on a user provided
> value.
>
> Also, I don't see anything in either RFC6455 or the Java WebSocket
> specification that says that the origin header is mandatory.
>

The user has the opportunity to set its origin header, but having an origin
seems mandatory enough to me right now. Anything you don't like can be
wrapped inside the strict flag.

Rémy
