mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 21:57:45 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)

Browse source 
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.

Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
This commit is contained in:
Matthew Wild 2022-03-28 14:53:24 +01:00
parent 331ede129e
commit f19f1088b7
4 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
plugins/mod_websocket.lua
View file

@ -355,6 +355,9 @@ function module.add_host(module)
module:provides("http", {
name = "websocket";
default_path = "xmpp-websocket";
cors = {
enabled = true;
};
route = {
["GET"] = handle_request;
["GET /"] = handle_request;