prosody
b33558969b3e
spec/scansion/issue1121.scs
Software / code / prosody
File
spec/scansion/issue1121.scs @ 12444:b33558969b3e 0.12
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 28 Mar 2022 14:53:24 +0100 |
| parent | 12100:0b14b541fd27 |
line wrap: on
line source
# When removing roster contact, Prosody should send directed "unavailable" presence but sends global unavailable presence [Client] Romeo jid: romeo@localhost password: password [Client] Juliet jid: juliet@localhost password: password ----- Romeo connects Romeo sends <presence/> Romeo receives <presence from="${Romeo's full JID}"/> Juliet connects Juliet sends <presence/> Juliet receives <presence from="${Juliet's full JID}"/> Romeo sends <presence to="juliet@localhost" type="subscribe"/> Romeo receives <presence from="juliet@localhost" to="romeo@localhost"/> Juliet receives <presence from="romeo@localhost" to="juliet@localhost" type="subscribe"/> Juliet sends <presence to="romeo@localhost" type="subscribed"/> Romeo receives <presence from="${Juliet's full JID}" to="romeo@localhost"/> Juliet sends <presence to="romeo@localhost" type="subscribe"/> Juliet receives <presence from="romeo@localhost" to="juliet@localhost"/> Romeo receives <presence from="juliet@localhost" to="romeo@localhost" type="subscribe"/> Romeo sends <presence to="juliet@localhost" type="subscribed"/> Juliet receives <presence from="${Romeo's full JID}" to="juliet@localhost"/> Romeo receives <presence from="${Juliet's full JID}" to="romeo@localhost"/> Juliet sends <iq type="set" id="iq1"> <query xmlns="jabber:iq:roster"> <item jid="romeo@localhost" subscription="remove"/> </query> </iq> Juliet receives <iq type="result" id="iq1"/> Romeo receives <presence from="${Juliet's full JID}" to="romeo@localhost" type="unavailable"/> Romeo disconnects
