diff options
author | Matthew Wild <mwild1@gmail.com> | 2010-01-22 03:18:55 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2010-01-22 03:18:55 +0000 |
commit | bf86bf52423763d1f3407015d72959153d5fe71d (patch) | |
tree | bf8bb1ed3c15b062409cb34e4519a12a23f0c14d | |
parent | a308952de6843c3dd7773005c03051efb0bc7a64 (diff) | |
download | prosody-bf86bf52423763d1f3407015d72959153d5fe71d.tar.gz prosody-bf86bf52423763d1f3407015d72959153d5fe71d.zip |
mod_bosh: Simplify cross-domain support, and make it work - default is for cross-domain to be disallowed
-rw-r--r-- | plugins/mod_bosh.lua | 30 |
1 files changed, 9 insertions, 21 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 21bfbebf..e366b019 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -31,23 +31,23 @@ local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2; local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; -local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; -local http_options, http_denied_options = { headers = {} }, { headers = {} }; +local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; + local cross_domain = module:get_option("cross_domain_bosh"); -if cross_domain ~= false then - http_options.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; - http_options.headers["Access-Control-Allow-Headers"] = "Content-Type"; - http_options.headers["Access-Control-Max-Age"] = "86400"; +if cross_domain then + default_headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; + default_headers["Access-Control-Allow-Headers"] = "Content-Type"; + default_headers["Access-Control-Max-Age"] = "7200"; if cross_domain == true then - http_options.headers["Access-Control-Allow-Origin"] = "*"; + default_headers["Access-Control-Allow-Origin"] = "*"; elseif type(cross_domain) == "table" then cross_domain = table.concat(cross_domain, ", "); end if type(cross_domain) == "string" then - http_options.headers["Access-Control-Allow-Origin"] = cross_domain; + default_headers["Access-Control-Allow-Origin"] = cross_domain; end end @@ -76,22 +76,10 @@ function on_destroy_request(request) end end -local function send_options_headers(request) - if cross_domain == nil then - local host = request.headers.host and request.headers.host:match("^[^:]+"); - if hosts[host] then - http_options.headers["Access-Control-Allow-Origin"] = "http://"..host; - else - return http_denied_options; -- We don't want to reveal the hosts we serve - end - end - return http_options; -end - function handle_request(method, body, request) if (not body) or request.method ~= "POST" then if request.method == "OPTIONS" then - return send_options_headers(request); + return { headers = default_headers, body = "" }; else return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; end |