diff options
| author | Kim Alvefur <zash@zash.se> | 2018-10-04 12:23:06 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2018-10-04 12:23:06 +0200 |
| commit | 467260e6f51942bc4a113bc0ca23808002289147 (patch) | |
| tree | c22b79ad424663ad5945123ec30120f9f9e41888 /plugins/mod_bosh.lua | |
| parent | 87639540e4ea43c57eb3d31b78e0b5acaf68f97a (diff) | |
| download | prosody-467260e6f51942bc4a113bc0ca23808002289147.tar.gz prosody-467260e6f51942bc4a113bc0ca23808002289147.zip | |
mod_bosh: Drop CORS code in favor of than in mod_http
This deprecates the cross_domain_bosh setting. As a compat measure, if
it is set, mod_http_crossdomain is loaded.
Diffstat (limited to 'plugins/mod_bosh.lua')
| -rw-r--r-- | plugins/mod_bosh.lua | 30 |
1 files changed, 5 insertions, 25 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index d4701148..82615161 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -44,10 +44,12 @@ local bosh_max_polling = module:get_option_number("bosh_max_polling", 5); local bosh_max_wait = module:get_option_number("bosh_max_wait", 120); local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure"); -local cross_domain = module:get_option("cross_domain_bosh", false); +local cross_domain = module:get_option("cross_domain_bosh"); -if cross_domain == true then cross_domain = "*"; end -if type(cross_domain) == "table" then cross_domain = table.concat(cross_domain, ", "); end +if cross_domain ~= nil then + module:log("info", "The 'cross_domain_bosh' option has been deprecated"); + module:depends("http_crossdomain"); +end local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; @@ -91,22 +93,6 @@ function check_inactive(now, session, context, reason) -- luacheck: ignore 212/n end end -local function set_cross_domain_headers(response) - local headers = response.headers; - headers.access_control_allow_methods = "GET, POST, OPTIONS"; - headers.access_control_allow_headers = "Content-Type"; - headers.access_control_max_age = "7200"; - headers.access_control_allow_origin = cross_domain; - return response; -end - -function handle_OPTIONS(event) - if cross_domain and event.request.headers.origin then - set_cross_domain_headers(event.response); - end - return ""; -end - function handle_POST(event) log("debug", "Handling new request %s: %s\n----------", tostring(event.request), tostring(event.request.body)); @@ -121,10 +107,6 @@ function handle_POST(event) local headers = response.headers; headers.content_type = "text/xml; charset=utf-8"; - if cross_domain and request.headers.origin then - set_cross_domain_headers(response); - end - -- stream:feed() calls the stream_callbacks, so all stanzas in -- the body are processed in this next line before it returns. -- In particular, the streamopened() stream callback is where @@ -511,8 +493,6 @@ module:provides("http", { route = { ["GET"] = GET_response; ["GET /"] = GET_response; - ["OPTIONS"] = handle_OPTIONS; - ["OPTIONS /"] = handle_OPTIONS; ["POST"] = handle_POST; ["POST /"] = handle_POST; }; |