Sock js client complains of invalid Access-control-allow-origin even though its part of response -with safari

[Chandan Pandey]

I am using spring sockjs server in tomcat container 8.0. I have configured on server to add allowed origins in header along with allow credentials flag. When I make a REST call which is cross origin -it works just perfect. But when sock Js client fails to establish websocket in a browser which does not support websocket and falls back to one of comet implementation as xhr -then it complains of "xyz" IP not allowed for CORS -observed with safari.

    Status Code:200 OK
    Request Headersview parsed
    Origin: http://localhost
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2
    Referer: http://localhost/x/r/d
    Response Headersview source
    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Origin:http://localhost
    Cache-Control:no-store, no-cache, must-revalidate, max-age=0
    Content-Type:application/javascript;charset=UTF-8
    Date:Tue, 25 Feb 2014 13:48:42 GMT
    Server:Apache-Coyote/1.1
    Transfer-Encoding:Identity
 
The request and response header match still safari complain of localhost not allowed by Access-control-allow-origin
Not sure if this a sockjs client issues or server issue