Software / code / prosody
Annotate
spec/scansion/version.scs @ 12444:b33558969b3e 0.12
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 28 Mar 2022 14:53:24 +0100 |
| parent | 10729:dbce2b94a7eb |
| rev | line source |
|---|---|
| 10729 | 1 # XEP-0092: Software Version / mod_version |
| 2 | |
| 3 [Client] Romeo | |
| 4 password: password | |
| 5 jid: romeo@localhost/dfaZpuxV | |
| 6 | |
| 7 ----- | |
| 8 | |
| 9 Romeo connects | |
| 10 | |
| 11 Romeo sends: | |
| 12 <iq id='lx2' to='localhost' type='get'> | |
| 13 <query xmlns='jabber:iq:version'/> | |
| 14 </iq> | |
| 15 | |
| 16 # Version string would vary so we can't do an exact match atm | |
| 17 # Inclusion of <os/> is disabled in the config, it should be absent | |
| 18 Romeo receives: | |
| 19 <iq id='lx2' from='localhost' type='result'> | |
| 20 <query xmlns='jabber:iq:version' scansion:strict='true'> | |
| 21 <name>Prosody</name> | |
| 22 <version scansion:strict='false'/> | |
| 23 </query> | |
| 24 </iq> | |
| 25 | |
| 26 | |
| 27 Romeo disconnects |
