prosody
b33558969b3e
spec/scansion/muc_nickname_robotface.scs
Software / code / prosody
File
spec/scansion/muc_nickname_robotface.scs @ 12444:b33558969b3e 0.12
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 28 Mar 2022 14:53:24 +0100 |
| parent | 11411:f1fe37916501 |
line wrap: on
line source
# MUC: Prevent nicknames failing strict resourceprep [Client] Romeo jid: user@localhost password: password [Client] Roboteo jid: bot@localhost password: password ----- Romeo connects Romeo sends: <presence to="nobots@conference.localhost/Romeo"> <x xmlns="http://jabber.org/protocol/muc"/> </presence> Romeo receives: <presence from='nobots@conference.localhost/Romeo'> <x xmlns='http://jabber.org/protocol/muc#user'> <status code='201'/> <item jid="${Romeo's full JID}" affiliation='owner' role='moderator'/> <status code='110'/> </x> </presence> Romeo receives: <message type='groupchat' from='nobots@conference.localhost'><subject/></message> Roboteo connects Roboteo sends: <presence to="nobots@conference.localhost/🤖️"> <x xmlns="http://jabber.org/protocol/muc"/> </presence> Roboteo receives: <presence type='error' from='nobots@conference.localhost/🤖'> <error by='nobots@conference.localhost' type='modify'> <jid-malformed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Nickname must pass strict validation</text> </error> </presence>
