I am using spring sockjs server in tomcat container 8.0. I have configured on server to add allowed origins in header along with allow credentials flag. When I make a REST call which is cross origin -it works just perfect. But when sock Js client fails to establish websocket in a browser which does not support websocket and falls back to one of comet implementation as xhr -then it complains of "xyz" IP not allowed for CORS -observed with safari.
Status Code:200 OK
Request Headersview parsed
Origin:
http://localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2
Referer:
http://localhost/x/r/d Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:
http://localhost Cache-Control:no-store, no-cache, must-revalidate, max-age=0
Content-Type:application/javascript;charset=UTF-8
Date:Tue, 25 Feb 2014 13:48:42 GMT
Server:Apache-Coyote/1.1
Transfer-Encoding:Identity
The request and response header match still safari complain of localhost not allowed by Access-control-allow-origin
Not sure if this a sockjs client issues or server issue