Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
authorWaqas Hussain <waqas20@gmail.com>
Fri, 07 Jun 2013 14:20:13 -0400
changeset 5654 020c5cd6eb28
parent 5653 c7d10b1a64b1
child 5655 6d7f7548b2c9
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
plugins/mod_bosh.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_bosh.lua	Fri Jun 07 13:24:56 2013 -0400
+++ b/plugins/mod_bosh.lua	Fri Jun 07 14:20:13 2013 -0400
@@ -100,7 +100,9 @@
 end
 
 function handle_OPTIONS(event)
-	set_cross_domain_headers(event.response);
+	if cross_domain and event.request.headers.origin then
+		set_cross_domain_headers(event.response);
+	end
 	return "";
 end
 
@@ -118,7 +120,7 @@
 	local headers = response.headers;
 	headers.content_type = "text/xml; charset=utf-8";
 
-	if cross_domain then
+	if cross_domain and event.request.headers.origin then
 		set_cross_domain_headers(response);
 	end
prosody