On 18/09/2012 21:27, Nikos Viorres wrote: > If i am not mistaken, this is considered XSS and is not allowed,
Yes, you are mistaken. The WebSocket spec specifically considers this scenario and there are security controls in place if you wish to use them. Mark although a > different port is. I was looking at websockets a couple of months ago for > an enterprise app and decided against using them for these problems, i went > with Long polling and async requests instead which are compabtible with > almost all browsers and dont have problems with proxies. > > N > > On Tue, Sep 18, 2012 at 11:14 PM, Mark Thomas <ma...@apache.org> wrote: > >> On 18/09/2012 21:13, Nikos Viorres wrote: >>> That is of course a solution, but then prepare to have problems with >>> firewalls, proxies etc. >> >> Separate hostname then, still on port 80. >> >> Mark >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
