Software / code / prosody
Changeset
9795:02735bc82126
mod_websocket: Drop CORS code in favor of that in mod_http
Like for mod_bosh, deprecates consider_websocket_secure and depend on
mod_http_crossdomain if it is set.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 04 Oct 2018 12:24:08 +0200 |
| parents | 9794:4b5c24f13d4a |
| children | 9796:adfb29f44412 |
| files | plugins/mod_websocket.lua prosodyctl |
| diffstat | 2 files changed, 5 insertions(+), 35 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_websocket.lua Thu Oct 04 12:23:06 2018 +0200 +++ b/plugins/mod_websocket.lua Thu Oct 04 12:24:08 2018 +0200 @@ -29,18 +29,11 @@ local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure"); -local cross_domain = module:get_option_set("cross_domain_websocket", {}); -if cross_domain:contains("*") or cross_domain:contains(true) then - cross_domain = true; +local cross_domain = module:get_option("cross_domain_websocket"); +if cross_domain ~= nil then + module:log("info", "The 'cross_domain_websocket' option has been deprecated"); + module:depends("http_crossdomain"); end - -local function check_origin(origin) - if cross_domain == true then - return true; - end - return cross_domain:contains(origin); -end - local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; local xmlns_streams = "http://etherx.jabber.org/streams"; local xmlns_client = "jabber:client"; @@ -158,11 +151,6 @@ return 501; end - if not check_origin(request.headers.origin or "") then - module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket'", request.headers.origin or "(missing header)"); - return 403; - end - local function websocket_close(code, message) conn:write(build_close(code, message)); conn:close(); @@ -329,22 +317,4 @@ function module.add_host(module) module:hook("c2s-read-timeout", keepalive, -0.9); - - if cross_domain ~= true then - local url = require "socket.url"; - local ws_url = module:http_url("websocket", "xmpp-websocket"); - local url_components = url.parse(ws_url); - -- The 'Origin' consists of the base URL without path - url_components.path = nil; - local this_origin = url.build(url_components); - local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin }); - -- Don't add / remove something added by another host - -- This might be weird with random load order - local_cross_domain:exclude(cross_domain); - cross_domain:include(local_cross_domain); - module:log("debug", "cross_domain = %s", tostring(cross_domain)); - function module.unload() - cross_domain:exclude(local_cross_domain); - end - end end
--- a/prosodyctl Thu Oct 04 12:23:06 2018 +0200 +++ b/prosodyctl Thu Oct 04 12:24:08 2018 +0200 @@ -806,7 +806,7 @@ print("Checking config..."); local deprecated = set.new({ "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption", - "vcard_compatibility", "cross_domain_bosh", + "vcard_compatibility", "cross_domain_bosh", "cross_domain_websocket" }); local known_global_options = set.new({ "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
