From 8e44ad94a9cb442bd7a03830a2a8548c3833fe68 Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Fri, 7 Jun 2013 14:20:13 -0400
Subject: mod_bosh: Only return CORS headers if the Origin header is received,
 and CORS is enabled.

---
 plugins/mod_bosh.lua | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'plugins')

diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index 48d16df1..04d85e60 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -100,7 +100,9 @@ local function set_cross_domain_headers(response)
 end
 
 function handle_OPTIONS(event)
-	set_cross_domain_headers(event.response);
+	if cross_domain and event.request.headers.origin then
+		set_cross_domain_headers(event.response);
+	end
 	return "";
 end
 
@@ -118,7 +120,7 @@ function handle_POST(event)
 	local headers = response.headers;
 	headers.content_type = "text/xml; charset=utf-8";
 
-	if cross_domain then
+	if cross_domain and event.request.headers.origin then
 		set_cross_domain_headers(response);
 	end
 	
-- 
cgit v1.2.3