Openfire

Add CORS headers to HTTP-Binding/BOSH

Details

  • Type: Improvement Improvement
  • Status: In Progress In Progress
  • Priority: Major Major
  • Resolution: Unresolved
  • Affects Version/s: 3.7.0
  • Fix Version/s: None
  • Component/s: None
  • Labels:
    None
  • Acceptance Test - Add?:
    No

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Daniel Haigh added a comment -

This would be great for a project we are working on which integrates Strophe.

We will add this feature and submit the patch here.

Show
Daniel Haigh added a comment - This would be great for a project we are working on which integrates Strophe. We will add this feature and submit the patch here.
Hide
Permalink
Daryl Herzmann added a comment -

Daniel,

Thanks for your interest in this. Please be aware that there appears to be a number of tough to figure out bugs with openfire's bosh implementation. Most users on the forums have abandoned it and use punjab instead to get bosh clients to openfire (including me.).

Show
Daryl Herzmann added a comment - Daniel, Thanks for your interest in this. Please be aware that there appears to be a number of tough to figure out bugs with openfire's bosh implementation. Most users on the forums have abandoned it and use punjab instead to get bosh clients to openfire (including me.).
Hide
Permalink
Daniel Haigh added a comment -

I have attached the CORS.patch.diff which allows CORS support in Openfire. This was developed by one of our developers - Liyu Wang.

Just a few points to note:

1. There is a settings section added to admin under Server Settings > HTTP Binding. This has been hard coded in English so would need adding to your resource file so it can be translated. We haven't looked into how this works.

2. For this to work in Chrome and Safari you need to make sure your Javascript library sends through a Content-Type 'text/plain' heading.
In strophe.js we modified this function to get it working.

var sendFunc = function () { req.date = new Date(); req.xhr.setRequestHeader('Content-Type', 'text/plain'); req.xhr.send(req.data); };

3. Internet Explorer's default security level does not allow CORS to work. If you require IE support then you would have to consider using a proxy on your web server.

Please let me know if you have any issues or require any clarification.

Show
Daniel Haigh added a comment - I have attached the CORS.patch.diff which allows CORS support in Openfire. This was developed by one of our developers - Liyu Wang. Just a few points to note: 1. There is a settings section added to admin under Server Settings > HTTP Binding. This has been hard coded in English so would need adding to your resource file so it can be translated. We haven't looked into how this works. 2. For this to work in Chrome and Safari you need to make sure your Javascript library sends through a Content-Type 'text/plain' heading. In strophe.js we modified this function to get it working. var sendFunc = function () { req.date = new Date(); req.xhr.setRequestHeader('Content-Type', 'text/plain'); req.xhr.send(req.data); }; 3. Internet Explorer's default security level does not allow CORS to work. If you require IE support then you would have to consider using a proxy on your web server. Please let me know if you have any issues or require any clarification.
Hide
Permalink
Daniel Haigh added a comment -

Daryl - in regards to BOSH stability - we are not experiencing any issues with it and have been using it for years. We would have thousands of clients connecting via BOSH at any time. Are there issues tracked for the bugs?

Show
Daniel Haigh added a comment - Daryl - in regards to BOSH stability - we are not experiencing any issues with it and have been using it for years. We would have thousands of clients connecting via BOSH at any time. Are there issues tracked for the bugs?
Hide
Permalink
Julian Dropmann added a comment -

Can we expect this patch to be integrated in the official version at any time soon?

I am considering using openfire HTTP-Binding for a webkit-only project and do not want to use any kind of proxy-server solutions.

According to http://caniuse.com/cors it should also work with IE8/9s XDomainRequest object.

Its a little bit disappointing, that such a clear improvement takes 2 years to be implemented, considering you basically only need to respond with 4 W3C specified (http://www.w3.org/TR/cors/) HTTP headers to an OPTIONS request...

Show
Julian Dropmann added a comment - Can we expect this patch to be integrated in the official version at any time soon? I am considering using openfire HTTP-Binding for a webkit-only project and do not want to use any kind of proxy-server solutions. According to http://caniuse.com/cors it should also work with IE8/9s XDomainRequest object. Its a little bit disappointing, that such a clear improvement takes 2 years to be implemented, considering you basically only need to respond with 4 W3C specified (http://www.w3.org/TR/cors/) HTTP headers to an OPTIONS request...
Hide
Permalink
Daryl Herzmann added a comment -

Julian, please understand that we only have one active committing developer and he is a volunteer. We need more committers!

Show
Daryl Herzmann added a comment - Julian, please understand that we only have one active committing developer and he is a volunteer. We need more committers!
Hide
Permalink
Daniel Haigh added a comment -

Hi Julian, we did end up getting this working with the XDomainRequest ojbect in IE, and managed to integrate it with Strophe also.

Show
Daniel Haigh added a comment - Hi Julian, we did end up getting this working with the XDomainRequest ojbect in IE, and managed to integrate it with Strophe also.
Hide
Permalink
Ryan Cromwell added a comment -

I've integrated the patch into 3.7.1 and pushed it to github if anyone wants it. I'm not openfire expert, but we're having success with it so far. https://github.com/cromwellryan/openfire

Show
Ryan Cromwell added a comment - I've integrated the patch into 3.7.1 and pushed it to github if anyone wants it. I'm not openfire expert, but we're having success with it so far. https://github.com/cromwellryan/openfire

People

Vote (2)
Watch (3)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for igniterealtime.org. Try JIRA - bug tracking software for your team.