diff options
author | Waqas Hussain <waqas20@gmail.com> | 2013-06-07 14:20:13 -0400 |
---|---|---|
committer | Waqas Hussain <waqas20@gmail.com> | 2013-06-07 14:20:13 -0400 |
commit | 8e44ad94a9cb442bd7a03830a2a8548c3833fe68 (patch) | |
tree | da6bca9b8076531e3689a41a9baa10b4365c77d1 /plugins/mod_bosh.lua | |
parent | a22bd3606b9c4e5017d00f9d80512d70e2bf4f6f (diff) | |
download | prosody-8e44ad94a9cb442bd7a03830a2a8548c3833fe68.tar.gz prosody-8e44ad94a9cb442bd7a03830a2a8548c3833fe68.zip |
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
Diffstat (limited to 'plugins/mod_bosh.lua')
-rw-r--r-- | plugins/mod_bosh.lua | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 48d16df1..04d85e60 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -100,7 +100,9 @@ local function set_cross_domain_headers(response) end function handle_OPTIONS(event) - set_cross_domain_headers(event.response); + if cross_domain and event.request.headers.origin then + set_cross_domain_headers(event.response); + end return ""; end @@ -118,7 +120,7 @@ function handle_POST(event) local headers = response.headers; headers.content_type = "text/xml; charset=utf-8"; - if cross_domain then + if cross_domain and event.request.headers.origin then set_cross_domain_headers(response); end |