public interface StompWebSocketEndpointRegistration
Modifier and Type | Method and Description |
---|---|
StompWebSocketEndpointRegistration |
addInterceptors(HandshakeInterceptor... interceptors)
Configure the HandshakeInterceptor's to use.
|
StompWebSocketEndpointRegistration |
setAllowedOriginPatterns(String... originPatterns)
A variant of
setAllowedOrigins(String...) that accepts flexible
domain patterns, e.g. |
StompWebSocketEndpointRegistration |
setAllowedOrigins(String... origins)
Configure allowed
Origin header values. |
StompWebSocketEndpointRegistration |
setHandshakeHandler(HandshakeHandler handshakeHandler)
Configure the HandshakeHandler to use.
|
SockJsServiceRegistration |
withSockJS()
Enable SockJS fallback options.
|
SockJsServiceRegistration withSockJS()
StompWebSocketEndpointRegistration setHandshakeHandler(HandshakeHandler handshakeHandler)
StompWebSocketEndpointRegistration addInterceptors(HandshakeInterceptor... interceptors)
StompWebSocketEndpointRegistration setAllowedOrigins(String... origins)
Origin
header values. This check is mostly designed for
browser clients. There is nothing preventing other types of client to modify the
Origin
header value.
When SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
Each provided allowed origin must start by "http://", "https://" or be "*" (means that all origins are allowed). By default, only same origin requests are allowed (empty list).
StompWebSocketEndpointRegistration setAllowedOriginPatterns(String... originPatterns)
setAllowedOrigins(String...)
that accepts flexible
domain patterns, e.g. "https://*.domain1.com"
. Furthermore it
always sets the Access-Control-Allow-Origin
response header to
the matched origin and never to "*"
, nor to any other pattern.