prosody
b33558969b3e
plugins/mod_websocket.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_websocket.lua @ 12444:b33558969b3e 0.12

mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731) The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
author Matthew Wild <mwild1@gmail.com>
date Mon, 28 Mar 2022 14:53:24 +0100
parent 12263:168970ce8543
child 12894:0598d822614f
line wrap: on
line diff
--- a/plugins/mod_websocket.lua	Mon Mar 28 14:40:21 2022 +0100
+++ b/plugins/mod_websocket.lua	Mon Mar 28 14:53:24 2022 +0100
@@ -355,6 +355,9 @@
 	module:provides("http", {
 		name = "websocket";
 		default_path = "xmpp-websocket";
+		cors = {
+			enabled = true;
+		};
 		route = {
 			["GET"] = handle_request;
 			["GET /"] = handle_request;