Thanks, i ll look into that On Tue, Sep 18, 2012 at 11:30 PM, Mark Thomas <ma...@apache.org> wrote:
> On 18/09/2012 21:27, Nikos Viorres wrote: > > If i am not mistaken, this is considered XSS and is not allowed, > > Yes, you are mistaken. The WebSocket spec specifically considers this > scenario and there are security controls in place if you wish to use them. > > Mark > > although a > > different port is. I was looking at websockets a couple of months ago for > > an enterprise app and decided against using them for these problems, i > went > > with Long polling and async requests instead which are compabtible with > > almost all browsers and dont have problems with proxies. > > > > N > > > > On Tue, Sep 18, 2012 at 11:14 PM, Mark Thomas <ma...@apache.org> wrote: > > > >> On 18/09/2012 21:13, Nikos Viorres wrote: > >>> That is of course a solution, but then prepare to have problems with > >>> firewalls, proxies etc. > >> > >> Separate hostname then, still on port 80. > >> > >> Mark > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
