How to disable auto-add CORS header in Spring SockJS Spring Websocket module

Question

How to disable auto-add CORS header in Spring SockJS Spring Websocket module

I have used Spring SockJs in my project for some websocket support. According to the documentation, Spring's sockjs library adds a CORS header based on the origin of the incoming request if it doesn't detect a header added by a servlet filter or some mechanism. http://docs.spring.io/autorepo/docs/spring-framework/current/spring-framework-reference/html/websocket.html (Section 21.3.6 CORS Headers for SockJS)

I'm not sure if it's a good idea to add a header automatically, but for my use case, I want to disable adding any header. So I either explicitly add or remove it - Spring SOCKJS shouldn't add it automatically.

Is there a way to do this? I researched the SockJsService API but couldn't figure out a lot http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/socket/sockjs/support/AbstractSockJsService.html

+3

spring spring-websocket

cpandey05 Sep 25 14 at 11:17

source to share

1 answer

Brian clozel · Answer 1 · 2014-09-29T16:27:11+0000

I don't think there is a clear way to do this here. Also, I didn't understand what was really bothering you: allowing other origin or HTTP response headers that you yourself didn't do?

Either way, these headers are sane by default, which you probably want if you want to make sure all SockJS transports work on all supported clients.

Since this is probably not the best place to discuss this, you can open a new JIRA issue for a Spring Framework project ("Messaging: Websocket" module) and explain your use case / motivation for this.

How to disable auto-add CORS header in Spring SockJS Spring Websocket module

More articles: