Fixes #315190 (CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implementation).

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1910 7e9141cc-0065-0410-87d8-b60c137991c4

VERSION.txt

@@ -1,10 +1,11 @@
 jetty-7.1.4-SNAPSHOT
  + 292326 Stop continuations if server is stopped.
- + 294212 Can not customize session cookie path 
+ + 294212 Can not customize session cookie path
  + 302350 org.eclipse.jetty.server.NCSARequestLog is missing JavaDoc
  + 304100 Better document JMX setup in jetty-jmx.xml
  + 314299 Create test harness for JDBCLoginService
  + 314581 Implement the Sec-Websocket handshake
+ + 315190 CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implementation
 
 jetty-7.1.3.v20100526
  + 296567 HttpClient RedirectListener handles new HttpDestination

jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java

@@ -162,7 +162,7 @@ public class CrossOriginFilter implements Filter
     {
         String origin = request.getHeader(ORIGIN_HEADER);
         // Is it a cross origin request ?
-        if (origin != null)
+        if (origin != null && isEnabled(request))
         {
             if (originMatches(origin))
             {
@@ -186,6 +186,18 @@ public class CrossOriginFilter implements Filter
         chain.doFilter(request, response);
     }
 
+    protected boolean isEnabled(HttpServletRequest request)
+    {
+        // WebSocket clients such as Chrome 5 implement a version of the WebSocket
+        // protocol that does not accept extra response headers on the upgrade response
+        if ("Upgrade".equalsIgnoreCase(request.getHeader("Connection")) &&
+            "WebSocket".equalsIgnoreCase(request.getHeader("Upgrade")))
+        {
+            return false;
+        }
+        return true;
+    }
+
     private boolean originMatches(String origin)
     {
         if (anyOriginAllowed) return true;