Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 14:53:46 +0100] rev 12449
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 14:53:24 +0100] rev 12448
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 14:40:21 +0100] rev 12447
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
This is far better than pre-0.12, because we now have a universal way to
configure and enable/disable CORS on a per-module basis.
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:42:16 +0100] rev 12446
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:41:57 +0100] rev 12445
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:41:32 +0100] rev 12444
configmanager: Add method to report loaded config files (part of #1729 fix)
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:08:53 +0100] rev 12443
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:08:18 +0100] rev 12442
mod_tombstones: Add caching to improve performance on busy servers (fixes #1728)
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 10:47:21 +0100] rev 12441
mod_turn_external: Update status and friendlier handling of missing secret option (fixes #1727)
Kim Alvefur <zash@zash.se> [Sun, 27 Mar 2022 18:45:19 +0200] rev 12440
Merge 0.12->trunk