Software /
code /
prosody-modules
File
mod_deny_omemo/mod_deny_omemo.lua @ 5548:fd3c12c40cd9
mod_http_oauth2: Disable CORS for authorization endpoint
Per recommendation in draft-ietf-oauth-security-topics-23
Hopefully it is enough to return an error status, since mod_http will
add CORS headers from a handler with higher priority, even for OPTIONS.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Jun 2023 00:05:57 +0200 |
parent | 3053:2ad35f08bd57 |
line wrap: on
line source
local st = require "util.stanza"; local omemo_namespace_prefix = "eu.siacs.conversations.axolotl." module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", function (event) local origin, stanza = event.origin, event.stanza; local node = stanza.tags[1].tags[1].attr.node; if node and node:sub(1, #omemo_namespace_prefix) == omemo_namespace_prefix then origin.send(st.error_reply(stanza, "cancel", "item-not-found", "OMEMO is disabled")); return true; end end, 10);