aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2018-10-04 12:24:08 +0200
committerKim Alvefur <zash@zash.se>2018-10-04 12:24:08 +0200
commit7fefafa8f6cc312b41f69d8149d5a926657bc9fb (patch)
treeca8b7923213135e1ffc647eba1a305025af571db /plugins
parent467260e6f51942bc4a113bc0ca23808002289147 (diff)
downloadprosody-7fefafa8f6cc312b41f69d8149d5a926657bc9fb.tar.gz
prosody-7fefafa8f6cc312b41f69d8149d5a926657bc9fb.zip
mod_websocket: Drop CORS code in favor of that in mod_http
Like for mod_bosh, deprecates consider_websocket_secure and depend on mod_http_crossdomain if it is set.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_websocket.lua38
1 files changed, 4 insertions, 34 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index a668b4fa..da0ce8a6 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -29,18 +29,11 @@ local t_concat = table.concat;
local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
-local cross_domain = module:get_option_set("cross_domain_websocket", {});
-if cross_domain:contains("*") or cross_domain:contains(true) then
- cross_domain = true;
+local cross_domain = module:get_option("cross_domain_websocket");
+if cross_domain ~= nil then
+ module:log("info", "The 'cross_domain_websocket' option has been deprecated");
+ module:depends("http_crossdomain");
end
-
-local function check_origin(origin)
- if cross_domain == true then
- return true;
- end
- return cross_domain:contains(origin);
-end
-
local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing";
local xmlns_streams = "http://etherx.jabber.org/streams";
local xmlns_client = "jabber:client";
@@ -158,11 +151,6 @@ function handle_request(event)
return 501;
end
- if not check_origin(request.headers.origin or "") then
- module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket'", request.headers.origin or "(missing header)");
- return 403;
- end
-
local function websocket_close(code, message)
conn:write(build_close(code, message));
conn:close();
@@ -329,22 +317,4 @@ module:provides("http", {
function module.add_host(module)
module:hook("c2s-read-timeout", keepalive, -0.9);
-
- if cross_domain ~= true then
- local url = require "socket.url";
- local ws_url = module:http_url("websocket", "xmpp-websocket");
- local url_components = url.parse(ws_url);
- -- The 'Origin' consists of the base URL without path
- url_components.path = nil;
- local this_origin = url.build(url_components);
- local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin });
- -- Don't add / remove something added by another host
- -- This might be weird with random load order
- local_cross_domain:exclude(cross_domain);
- cross_domain:include(local_cross_domain);
- module:log("debug", "cross_domain = %s", tostring(cross_domain));
- function module.unload()
- cross_domain:exclude(local_cross_domain);
- end
- end
end