prosody
b33558969b3e
spec/scansion/presence_preapproval.scs
Software / code / prosody
File
spec/scansion/presence_preapproval.scs @ 12444:b33558969b3e 0.12
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 28 Mar 2022 14:53:24 +0100 |
| parent | 10515:35bf3b80480f |
line wrap: on
line source
# server supports contact subscription pre-approval (RFC 6121 3.4) [Client] Alice jid: preappove-a@localhost password: password [Client] Bob jid: preapprove-b@localhost password: password --------- Alice connects Alice sends: <presence/> Alice receives: <presence/> Alice sends: <presence to="${Bob's JID}" type="subscribed"/> Bob connects Bob sends: <iq type="get" id="roster1"> <query xmlns="jabber:iq:roster"/> </iq> Bob receives: <iq type="result" id="roster1"> <query xmlns="jabber:iq:roster" ver="{scansion:any}"> </query> </iq> Bob sends: <presence/> Bob receives: <presence from="${Bob's full JID}"/> Bob sends: <presence to="${Alice's JID}" type="subscribe" /> Bob receives: <iq type='set' id='{scansion:any}'> <query ver='1' xmlns='jabber:iq:roster'> <item jid="${Alice's JID}" subscription='none' ask='subscribe' /> </query> </iq> Bob receives: <presence from="${Alice's JID}" type="subscribed" /> Bob disconnects Alice sends: <iq type="get" id="roster1"> <query xmlns="jabber:iq:roster"/> </iq> Alice receives: <iq type="result" id="roster1"> <query xmlns="jabber:iq:roster" ver="{scansion:any}"> <item jid="${Bob's JID}" subscription="from" /> </query> </iq> Alice disconnects Bob disconnects
