# HG changeset patch
# User Waqas Hussain <waqas20@gmail.com>
# Date 1370629213 14400
# Node ID 020c5cd6eb28228a2f8390d6f69be4a2fc5edc55
# Parent  c7d10b1a64b1cc2905f72147f74a8e356f2deb19
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.

diff -r c7d10b1a64b1 -r 020c5cd6eb28 plugins/mod_bosh.lua
--- a/plugins/mod_bosh.lua	Fri Jun 07 13:24:56 2013 -0400
+++ b/plugins/mod_bosh.lua	Fri Jun 07 14:20:13 2013 -0400
@@ -100,7 +100,9 @@
 end
 
 function handle_OPTIONS(event)
-	set_cross_domain_headers(event.response);
+	if cross_domain and event.request.headers.origin then
+		set_cross_domain_headers(event.response);
+	end
 	return "";
 end
 
@@ -118,7 +120,7 @@
 	local headers = response.headers;
 	headers.content_type = "text/xml; charset=utf-8";
 
-	if cross_domain then
+	if cross_domain and event.request.headers.origin then
 		set_cross_domain_headers(response);
 	end