mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)

The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.

Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.

0 files changed, 0 insertions, 0 deletions