diff options
author | Waqas Hussain <waqas20@gmail.com> | 2013-06-07 14:20:13 -0400 |
---|---|---|
committer | Waqas Hussain <waqas20@gmail.com> | 2013-06-07 14:20:13 -0400 |
commit | d826b6cebb94355ec052f615786a113d547d8ca0 (patch) | |
tree | da6bca9b8076531e3689a41a9baa10b4365c77d1 /plugins/mod_bosh.lua | |
parent | 6dba024252dd26e615f6e81b611bc13a7f07ca38 (diff) | |
download | prosody-d826b6cebb94355ec052f615786a113d547d8ca0.tar.gz prosody-d826b6cebb94355ec052f615786a113d547d8ca0.zip |
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
Diffstat (limited to 'plugins/mod_bosh.lua')
-rw-r--r-- | plugins/mod_bosh.lua | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 48d16df1..04d85e60 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -100,7 +100,9 @@ local function set_cross_domain_headers(response) end function handle_OPTIONS(event) - set_cross_domain_headers(event.response); + if cross_domain and event.request.headers.origin then + set_cross_domain_headers(event.response); + end return ""; end @@ -118,7 +120,7 @@ function handle_POST(event) local headers = response.headers; headers.content_type = "text/xml; charset=utf-8"; - if cross_domain then + if cross_domain and event.request.headers.origin then set_cross_domain_headers(response); end |