tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Tomcat7 + WebSocket + mod_jk
Date Tue, 18 Sep 2012 20:30:10 GMT
On 18/09/2012 21:27, Nikos Viorres wrote:
> If i am not mistaken, this is considered XSS and is not allowed,

Yes, you are mistaken. The WebSocket spec specifically considers this
scenario and there are security controls in place if you wish to use them.

Mark

 although a
> different port is. I was looking at websockets a couple of months ago for
> an enterprise app and decided against using them for these problems, i went
> with Long polling and async requests instead which are compabtible with
> almost all browsers and dont have problems with proxies.
> 
> N
> 
> On Tue, Sep 18, 2012 at 11:14 PM, Mark Thomas <markt@apache.org> wrote:
> 
>> On 18/09/2012 21:13, Nikos Viorres wrote:
>>> That is of course a solution, but then prepare to have problems with
>>> firewalls, proxies etc.
>>
>> Separate hostname then, still on port 80.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message