diff options
| author | Matthew Wild <mwild1@gmail.com> | 2022-03-28 14:53:46 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2022-03-28 14:53:46 +0100 |
| commit | ea2cd6d6768281229b220fa07b246c5b516ffeae (patch) | |
| tree | 4a76734b2c09eb97fc0c28851da2ce8a48d316c9 | |
| parent | 6a923e65c9a4f1129a448e7c41335d20e375be34 (diff) | |
| parent | f19f1088b757c41c2c63b328f1d3faca8fe9a857 (diff) | |
| download | prosody-ea2cd6d6768281229b220fa07b246c5b516ffeae.tar.gz prosody-ea2cd6d6768281229b220fa07b246c5b516ffeae.zip | |
Merge 0.12->trunk
| -rw-r--r-- | plugins/mod_bosh.lua | 3 | ||||
| -rw-r--r-- | plugins/mod_http.lua | 44 | ||||
| -rw-r--r-- | plugins/mod_http_file_share.lua | 1 | ||||
| -rw-r--r-- | plugins/mod_websocket.lua | 3 |
4 files changed, 38 insertions, 13 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 9f08156c..11bfb51d 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -547,6 +547,9 @@ function module.add_host(module) module:depends("http"); module:provides("http", { default_path = "/http-bind"; + cors = { + enabled = true; + }; route = { ["GET"] = GET_response; ["GET /"] = GET_response; diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index a31418cf..b26adb1c 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -31,8 +31,10 @@ server.set_option("body_size_limit", module:get_option_number("http_max_content_ server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size")); -- CORS settings +local cors_overrides = module:get_option("http_cors_override", {}); local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); +local opt_origins = module:get_option_set("access_control_allow_origins"); local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); @@ -109,7 +111,10 @@ function moduleapi.http_url(module, app_name, default_path) return "http://disabled.invalid/"; end -local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, origin) +local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin) + if allowed_origins and not allowed_origins[origin] then + return; + end response.headers.access_control_allow_methods = tostring(methods); response.headers.access_control_allow_headers = tostring(headers); response.headers.access_control_max_age = tostring(max_age) @@ -141,10 +146,14 @@ function module.add_host(module) local app_methods = opt_methods; local app_headers = opt_headers; local app_credentials = opt_credentials; + local app_origins; + if opt_origins and not (opt_origins:empty() or opt_origins:contains("*")) then + opt_origins = opt_origins._items; + end local function cors_handler(event_data) local request, response = event_data.request, event_data.response; - apply_cors_headers(response, app_methods, app_headers, opt_max_age, app_credentials, request.headers.origin); + apply_cors_headers(response, app_methods, app_headers, opt_max_age, app_credentials, app_origins, request.headers.origin); end local function options_handler(event_data) @@ -152,17 +161,26 @@ function module.add_host(module) return ""; end - if event.item.cors then - local cors = event.item.cors; - if cors.credentials ~= nil then - app_credentials = cors.credentials; - end - if cors.headers then - for header, enable in pairs(cors.headers) do - if enable and not app_headers:contains(header) then - app_headers = app_headers + set.new { header }; - elseif not enable and app_headers:contains(header) then - app_headers = app_headers - set.new { header }; + local cors = cors_overrides[app_name] or event.item.cors; + if cors then + if cors.enabled == true then + if cors.credentials ~= nil then + app_credentials = cors.credentials; + end + if cors.headers then + for header, enable in pairs(cors.headers) do + if enable and not app_headers:contains(header) then + app_headers = app_headers + set.new { header }; + elseif not enable and app_headers:contains(header) then + app_headers = app_headers - set.new { header }; + end + end + end + if cors.origins then + if cors.origins == "*" or cors.origins[1] == "*" then + app_origins = nil; + else + app_origins = set.new(cors.origins)._items; end end end diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 8e433471..b6200628 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -578,6 +578,7 @@ if not external_base_url then module:provides("http", { streaming_uploads = true; cors = { + enabled = true; credentials = true; headers = { Authorization = true; diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c4f172fc..bddcbb79 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -355,6 +355,9 @@ function module.add_host(module) module:provides("http", { name = "websocket"; default_path = "xmpp-websocket"; + cors = { + enabled = true; + }; route = { ["GET"] = handle_request; ["GET /"] = handle_request; |