mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
--- a/plugins/mod_bosh.lua Fri Jun 07 13:24:56 2013 -0400
+++ b/plugins/mod_bosh.lua Fri Jun 07 14:20:13 2013 -0400
@@ -100,7 +100,9 @@
end
function handle_OPTIONS(event)
- set_cross_domain_headers(event.response);
+ if cross_domain and event.request.headers.origin then
+ set_cross_domain_headers(event.response);
+ end
return "";
end
@@ -118,7 +120,7 @@
local headers = response.headers;
headers.content_type = "text/xml; charset=utf-8";
- if cross_domain then
+ if cross_domain and event.request.headers.origin then
set_cross_domain_headers(response);
end