prosody
020c5cd6eb28

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

5654:020c5cd6eb28

mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
author Waqas Hussain <waqas20@gmail.com>
date Fri, 07 Jun 2013 14:20:13 -0400
parents 5653:c7d10b1a64b1
children 5655:6d7f7548b2c9
files plugins/mod_bosh.lua
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_bosh.lua	Fri Jun 07 13:24:56 2013 -0400
+++ b/plugins/mod_bosh.lua	Fri Jun 07 14:20:13 2013 -0400
@@ -100,7 +100,9 @@
 end
 
 function handle_OPTIONS(event)
-	set_cross_domain_headers(event.response);
+	if cross_domain and event.request.headers.origin then
+		set_cross_domain_headers(event.response);
+	end
 	return "";
 end
 
@@ -118,7 +120,7 @@
 	local headers = response.headers;
 	headers.content_type = "text/xml; charset=utf-8";
 
-	if cross_domain then
+	if cross_domain and event.request.headers.origin then
 		set_cross_domain_headers(response);
 	end