authorWaqas Hussain <waqas20@gmail.com>2013-06-07 14:20:13 -0400
committerWaqas Hussain <waqas20@gmail.com>2013-06-07 14:20:13 -0400
commitd826b6cebb94355ec052f615786a113d547d8ca0 (patch)
treeda6bca9b8076531e3689a41a9baa10b4365c77d1 /plugins
parent6dba024252dd26e615f6e81b611bc13a7f07ca38 (diff)
downloadprosody-d826b6cebb94355ec052f615786a113d547d8ca0.tar.gz
prosody-d826b6cebb94355ec052f615786a113d547d8ca0.zip
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_bosh.lua6
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index 48d16df1..04d85e60 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -100,7 +100,9 @@ local function set_cross_domain_headers(response)
end
function handle_OPTIONS(event)
- set_cross_domain_headers(event.response);
+ if cross_domain and event.request.headers.origin then
+ set_cross_domain_headers(event.response);
+ end
return "";
end
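Review bot: The guard added in handle_OPTIONS tests only that an Origin header is present, never what it contains, so which origins are actually allowed still rests entirely on set_cross_domain_headers, whose body is outside this hunk. If that function emits a wildcard or echoes the request header, this change narrows when the headers are sent but not who may read the response. A comment above the check such as `-- Origin present only means "browser cross-origin request"; it is not an authorization check` would make that explicit. The same condition is repeated in handle_POST in the next hunk (that function begins and ends outside it); one helper called from both handlers, e.g. `local function add_cors_if_requested(request, response) if cross_domain and request.headers.origin then set_cross_domain_headers(response); end end`, would keep them from drifting. Because the response now differs by request header, setting `headers.vary = "Origin"` alongside the CORS headers would stop an intermediary cache from replaying a header-less response to a browser.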
@@ -118,7 +120,7 @@ function handle_POST(event)
local headers = response.headers;
headers.content_type = "text/xml; charset=utf-8";
- if cross_domain then
+ if cross_domain and event.request.headers.origin then
set_cross_domain_headers(response);
end