prosody
45caa4e43775
plugins/mod_http.lua
Software / code / prosody
Comparison
plugins/mod_http.lua @ 13069:45caa4e43775
mod_http: Fix reliance on previous tostring() format of util.set
a863e4237b91 unintentionally changed the format of HTTP CORS headers,
which were apparently relying on the output of tostring(), which it
shouldn't have.
Explicitly serializing it this time.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 10 Apr 2023 11:50:27 +0200 |
| parent | 12977:74b9e05af71e |
| child | 13107:9c4dc1e6d2c9 |
comparison
equal
deleted
inserted
replaced
| 13068:7a75cbc4d87c | 13069:45caa4e43775 |
|---|---|
| 15 local moduleapi = require "prosody.core.moduleapi"; | 15 local moduleapi = require "prosody.core.moduleapi"; |
| 16 local url_parse = require "socket.url".parse; | 16 local url_parse = require "socket.url".parse; |
| 17 local url_build = require "socket.url".build; | 17 local url_build = require "socket.url".build; |
| 18 local normalize_path = require "prosody.util.http".normalize_path; | 18 local normalize_path = require "prosody.util.http".normalize_path; |
| 19 local set = require "prosody.util.set"; | 19 local set = require "prosody.util.set"; |
| 20 local array = require "util.array"; | |
| 20 | 21 |
| 21 local ip_util = require "prosody.util.ip"; | 22 local ip_util = require "prosody.util.ip"; |
| 22 local new_ip = ip_util.new_ip; | 23 local new_ip = ip_util.new_ip; |
| 23 local match_ip = ip_util.match; | 24 local match_ip = ip_util.match; |
| 24 local parse_cidr = ip_util.parse_cidr; | 25 local parse_cidr = ip_util.parse_cidr; |
| 110 module:log("warn", "No http ports enabled, can't generate an external URL"); | 111 module:log("warn", "No http ports enabled, can't generate an external URL"); |
| 111 end | 112 end |
| 112 return "http://disabled.invalid/"; | 113 return "http://disabled.invalid/"; |
| 113 end | 114 end |
| 114 | 115 |
| 116 local function header_set_tostring(header_value) | |
| 117 return array(pairs(header_value._items)):concat(", "); | |
| 118 end | |
| 119 | |
| 115 local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin) | 120 local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin) |
| 116 if allowed_origins and not allowed_origins[origin] then | 121 if allowed_origins and not allowed_origins[origin] then |
| 117 return; | 122 return; |
| 118 end | 123 end |
| 119 response.headers.access_control_allow_methods = tostring(methods); | 124 response.headers.access_control_allow_methods = header_set_tostring(methods); |
| 120 response.headers.access_control_allow_headers = tostring(headers); | 125 response.headers.access_control_allow_headers = header_set_tostring(headers); |
| 121 response.headers.access_control_max_age = tostring(max_age) | 126 response.headers.access_control_max_age = tostring(max_age) |
| 122 response.headers.access_control_allow_origin = origin or "*"; | 127 response.headers.access_control_allow_origin = origin or "*"; |
| 123 if allow_credentials then | 128 if allow_credentials then |
| 124 response.headers.access_control_allow_credentials = "true"; | 129 response.headers.access_control_allow_credentials = "true"; |
| 125 end | 130 end |
