prosody
b33558969b3e
net/httpserver.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

net/httpserver.lua @ 12444:b33558969b3e 0.12

mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731) The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
author Matthew Wild <mwild1@gmail.com>
date Mon, 28 Mar 2022 14:53:24 +0100
parent 8679:adc17a2bd6fd
child 12974:ba409c67353b
line wrap: on
line source

-- COMPAT w/pre-0.9
local log = require "util.logger".init("net.httpserver");
local traceback = debug.traceback;

local _ENV = nil;
-- luacheck: std none

local function fail()
	log("error", "Attempt to use legacy HTTP API. For more info see https://prosody.im/doc/developers/legacy_http");
	log("error", "Legacy HTTP API usage, %s", traceback("", 2));
end

return {
	new = fail;
	new_from_config = fail;
	set_default_handler = fail;
};