Annotate
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
| author |
Matthew Wild <mwild1@gmail.com> |
| date |
Mon, 28 Mar 2022 14:53:24 +0100 |
| parent |
5403:d7ecf6cd584e |
| rev |
line source |
|
5403
|
1
|
|
|
2 The Prosody project is open to contributions (see HACKERS file), but is
|
|
|
3 maintained daily by:
|
|
94
|
4
|
|
5403
|
5 - Matthew Wild (mail: matthew [at] prosody.im)
|
|
|
6 - Waqas Hussain (mail: waqas [at] prosody.im)
|
|
|
7 - Kim Alvefur (mail: zash [at] prosody.im)
|
|
|
8
|
|
|
9 You can reach us collectively by email: developers [at] prosody.im
|
|
|
10 or in realtime in the Prosody chatroom: prosody@conference.prosody.im
|
