prosody
ace62f19076d
plugins/mod_bosh.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_bosh.lua @ 2485:ace62f19076d

mod_bosh: Simplify cross-domain support, and make it work - default is for cross-domain to be disallowed
author Matthew Wild <mwild1@gmail.com>
date Fri, 22 Jan 2010 03:18:55 +0000
parent 2484:cf924f587410
child 2486:f0335b7284b1
comparison
equal deleted inserted replaced
2484:cf924f587410 2485:ace62f19076d
29 local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60; 29 local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60;
30 local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or 5; 30 local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or 5;
31 local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2; 31 local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2;
32 local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; 32 local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300;
33 33
34 local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} };
35
34 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; 36 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" };
35 local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; 37
36
37 local http_options, http_denied_options = { headers = {} }, { headers = {} };
38 local cross_domain = module:get_option("cross_domain_bosh"); 38 local cross_domain = module:get_option("cross_domain_bosh");
39 if cross_domain ~= false then 39 if cross_domain then
40 http_options.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; 40 default_headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS";
41 http_options.headers["Access-Control-Allow-Headers"] = "Content-Type"; 41 default_headers["Access-Control-Allow-Headers"] = "Content-Type";
42 http_options.headers["Access-Control-Max-Age"] = "86400"; 42 default_headers["Access-Control-Max-Age"] = "7200";
43 43
44 if cross_domain == true then 44 if cross_domain == true then
45 http_options.headers["Access-Control-Allow-Origin"] = "*"; 45 default_headers["Access-Control-Allow-Origin"] = "*";
46 elseif type(cross_domain) == "table" then 46 elseif type(cross_domain) == "table" then
47 cross_domain = table.concat(cross_domain, ", "); 47 cross_domain = table.concat(cross_domain, ", ");
48 end 48 end
49 if type(cross_domain) == "string" then 49 if type(cross_domain) == "string" then
50 http_options.headers["Access-Control-Allow-Origin"] = cross_domain; 50 default_headers["Access-Control-Allow-Origin"] = cross_domain;
51 end 51 end
52 end 52 end
53 53
54 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; 54 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
55 local os_time = os.time; 55 local os_time = os.time;
74 (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]); 74 (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]);
75 end 75 end
76 end 76 end
77 end 77 end
78 78
79 local function send_options_headers(request)
80 if cross_domain == nil then
81 local host = request.headers.host and request.headers.host:match("^[^:]+");
82 if hosts[host] then
83 http_options.headers["Access-Control-Allow-Origin"] = "http://"..host;
84 else
85 return http_denied_options; -- We don't want to reveal the hosts we serve
86 end
87 end
88 return http_options;
89 end
90
91 function handle_request(method, body, request) 79 function handle_request(method, body, request)
92 if (not body) or request.method ~= "POST" then 80 if (not body) or request.method ~= "POST" then
93 if request.method == "OPTIONS" then 81 if request.method == "OPTIONS" then
94 return send_options_headers(request); 82 return { headers = default_headers, body = "" };
95 else 83 else
96 return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; 84 return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>";
97 end 85 end
98 end 86 end
99 if not method then 87 if not method then