aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorWaqas Hussain <waqas20@gmail.com>2013-06-07 14:20:13 -0400
committerWaqas Hussain <waqas20@gmail.com>2013-06-07 14:20:13 -0400
commit8e44ad94a9cb442bd7a03830a2a8548c3833fe68 (patch)
treeda6bca9b8076531e3689a41a9baa10b4365c77d1 /plugins
parenta22bd3606b9c4e5017d00f9d80512d70e2bf4f6f (diff)
downloadprosody-8e44ad94a9cb442bd7a03830a2a8548c3833fe68.tar.gz
prosody-8e44ad94a9cb442bd7a03830a2a8548c3833fe68.zip
mod_bosh: Only return CORS headers if the Origin header is received, and CORS is enabled.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_bosh.lua6
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index 48d16df1..04d85e60 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -100,7 +100,9 @@ local function set_cross_domain_headers(response)
end
function handle_OPTIONS(event)
- set_cross_domain_headers(event.response);
+ if cross_domain and event.request.headers.origin then
+ set_cross_domain_headers(event.response);
+ end
return "";
end
@@ -118,7 +120,7 @@ function handle_POST(event)
local headers = response.headers;
headers.content_type = "text/xml; charset=utf-8";
- if cross_domain then
+ if cross_domain and event.request.headers.origin then
set_cross_domain_headers(response);
end