Merge pull request #833 in CORE/base-third from bugfix/10.0 to feature/10.0

* commit 'fb2c61df264f9a5727fa6a19a03b4b97353f5d6c':
  KERNEL-5056 fix: 使用自定义分隔符
  KERNEL-5056 feat: Websocket支持将token放入header而不是url中

fine-socketio/src/main/java/com/fr/third/socketio/handler/EncoderHandler.java

@@ -80,6 +80,8 @@ public class EncoderHandler extends ChannelOutboundHandlerAdapter {
 
     private static final Logger log = LoggerFactory.getLogger(EncoderHandler.class);
 
+    private static final String SEPARATOR_COMMA = ",";
+
     private final PacketEncoder encoder;
 
     private String version;
@@ -201,9 +203,17 @@ public class EncoderHandler extends ChannelOutboundHandlerAdapter {
             res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE);
         }
 
+        // 使websocket请求可携带特定header
         String allowHeaders = configuration.getAccessControlAllowHeaders();
+        // 取出现有access-control-allow-headers，去掉空格并拼接新的header到末尾。直接addHeader时IE 10/11会找不到。
         if (!isEmpty(allowHeaders)) {
-            res.headers().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, configuration.getAccessControlAllowHeaders());
+            String header = res.headers().get(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS);
+            if (!isEmpty(header)) {
+                header = header.trim() + SEPARATOR_COMMA + configuration.getAccessControlAllowHeaders();
+                res.headers().set(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, header);
+            } else {
+                res.headers().set(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, configuration.getAccessControlAllowHeaders());
+            }
         }
     }