From 2ea16b7ab3f3027736966ca93891d7bb19df4bd6 Mon Sep 17 00:00:00 2001
From: Simone Bordet <simone.bordet@gmail.com>
Date: Tue, 1 Jun 2010 12:02:07 +0000
Subject: [PATCH] Fixes #315190 (CrossOriginFilter adds headers not understood
 by Chrome 5 WebSocket implementation).

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1910 7e9141cc-0065-0410-87d8-b60c137991c4
---
 VERSION.txt                                        |  3 ++-
 .../eclipse/jetty/servlets/CrossOriginFilter.java  | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/VERSION.txt b/VERSION.txt
index 47e30b4cd6d..b13c775898d 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1,10 +1,11 @@
 jetty-7.1.4-SNAPSHOT
  + 292326 Stop continuations if server is stopped.
- + 294212 Can not customize session cookie path 
+ + 294212 Can not customize session cookie path
  + 302350 org.eclipse.jetty.server.NCSARequestLog is missing JavaDoc
  + 304100 Better document JMX setup in jetty-jmx.xml
  + 314299 Create test harness for JDBCLoginService
  + 314581 Implement the Sec-Websocket handshake
+ + 315190 CrossOriginFilter adds headers not understood by Chrome 5 WebSocket implementation
 
 jetty-7.1.3.v20100526
  + 296567 HttpClient RedirectListener handles new HttpDestination
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
index 7cf2859f75d..694267d8477 100644
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
@@ -162,7 +162,7 @@ public class CrossOriginFilter implements Filter
     {
         String origin = request.getHeader(ORIGIN_HEADER);
         // Is it a cross origin request ?
-        if (origin != null)
+        if (origin != null && isEnabled(request))
         {
             if (originMatches(origin))
             {
@@ -186,6 +186,18 @@ public class CrossOriginFilter implements Filter
         chain.doFilter(request, response);
     }
 
+    protected boolean isEnabled(HttpServletRequest request)
+    {
+        // WebSocket clients such as Chrome 5 implement a version of the WebSocket
+        // protocol that does not accept extra response headers on the upgrade response
+        if ("Upgrade".equalsIgnoreCase(request.getHeader("Connection")) &&
+            "WebSocket".equalsIgnoreCase(request.getHeader("Upgrade")))
+        {
+            return false;
+        }
+        return true;
+    }
+
     private boolean originMatches(String origin)
     {
         if (anyOriginAllowed) return true;