aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-01-22 03:18:55 +0000
committerMatthew Wild <mwild1@gmail.com>2010-01-22 03:18:55 +0000
commitbf86bf52423763d1f3407015d72959153d5fe71d (patch)
treebf8bb1ed3c15b062409cb34e4519a12a23f0c14d /plugins
parenta308952de6843c3dd7773005c03051efb0bc7a64 (diff)
downloadprosody-bf86bf52423763d1f3407015d72959153d5fe71d.tar.gz
prosody-bf86bf52423763d1f3407015d72959153d5fe71d.zip
mod_bosh: Simplify cross-domain support, and make it work - default is for cross-domain to be disallowed
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_bosh.lua30
1 files changed, 9 insertions, 21 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index 21bfbebf..e366b019 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -31,23 +31,23 @@ local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or
local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2;
local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300;
-local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" };
local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} };
-local http_options, http_denied_options = { headers = {} }, { headers = {} };
+local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" };
+
local cross_domain = module:get_option("cross_domain_bosh");
-if cross_domain ~= false then
- http_options.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS";
- http_options.headers["Access-Control-Allow-Headers"] = "Content-Type";
- http_options.headers["Access-Control-Max-Age"] = "86400";
+if cross_domain then
+ default_headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS";
+ default_headers["Access-Control-Allow-Headers"] = "Content-Type";
+ default_headers["Access-Control-Max-Age"] = "7200";
if cross_domain == true then
- http_options.headers["Access-Control-Allow-Origin"] = "*";
+ default_headers["Access-Control-Allow-Origin"] = "*";
elseif type(cross_domain) == "table" then
cross_domain = table.concat(cross_domain, ", ");
end
if type(cross_domain) == "string" then
- http_options.headers["Access-Control-Allow-Origin"] = cross_domain;
+ default_headers["Access-Control-Allow-Origin"] = cross_domain;
end
end
@@ -76,22 +76,10 @@ function on_destroy_request(request)
end
end
-local function send_options_headers(request)
- if cross_domain == nil then
- local host = request.headers.host and request.headers.host:match("^[^:]+");
- if hosts[host] then
- http_options.headers["Access-Control-Allow-Origin"] = "http://"..host;
- else
- return http_denied_options; -- We don't want to reveal the hosts we serve
- end
- end
- return http_options;
-end
-
function handle_request(method, body, request)
if (not body) or request.method ~= "POST" then
if request.method == "OPTIONS" then
- return send_options_headers(request);
+ return { headers = default_headers, body = "" };
else
return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>";
end