Mercurial > prosody-hg
comparison plugins/mod_bosh.lua @ 2485:ace62f19076d
mod_bosh: Simplify cross-domain support, and make it work - default is for cross-domain to be disallowed
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 22 Jan 2010 03:18:55 +0000 |
| parents | cf924f587410 |
| children | f0335b7284b1 |
comparison
equal
deleted
inserted
replaced
| 2484:cf924f587410 | 2485:ace62f19076d |
|---|---|
| 29 local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60; | 29 local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60; |
| 30 local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or 5; | 30 local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or 5; |
| 31 local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2; | 31 local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2; |
| 32 local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; | 32 local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; |
| 33 | 33 |
| 34 local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; | |
| 35 | |
| 34 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; | 36 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; |
| 35 local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; | 37 |
| 36 | |
| 37 local http_options, http_denied_options = { headers = {} }, { headers = {} }; | |
| 38 local cross_domain = module:get_option("cross_domain_bosh"); | 38 local cross_domain = module:get_option("cross_domain_bosh"); |
| 39 if cross_domain ~= false then | 39 if cross_domain then |
| 40 http_options.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; | 40 default_headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; |
| 41 http_options.headers["Access-Control-Allow-Headers"] = "Content-Type"; | 41 default_headers["Access-Control-Allow-Headers"] = "Content-Type"; |
| 42 http_options.headers["Access-Control-Max-Age"] = "86400"; | 42 default_headers["Access-Control-Max-Age"] = "7200"; |
| 43 | 43 |
| 44 if cross_domain == true then | 44 if cross_domain == true then |
| 45 http_options.headers["Access-Control-Allow-Origin"] = "*"; | 45 default_headers["Access-Control-Allow-Origin"] = "*"; |
| 46 elseif type(cross_domain) == "table" then | 46 elseif type(cross_domain) == "table" then |
| 47 cross_domain = table.concat(cross_domain, ", "); | 47 cross_domain = table.concat(cross_domain, ", "); |
| 48 end | 48 end |
| 49 if type(cross_domain) == "string" then | 49 if type(cross_domain) == "string" then |
| 50 http_options.headers["Access-Control-Allow-Origin"] = cross_domain; | 50 default_headers["Access-Control-Allow-Origin"] = cross_domain; |
| 51 end | 51 end |
| 52 end | 52 end |
| 53 | 53 |
| 54 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; | 54 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; |
| 55 local os_time = os.time; | 55 local os_time = os.time; |
| 74 (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]); | 74 (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]); |
| 75 end | 75 end |
| 76 end | 76 end |
| 77 end | 77 end |
| 78 | 78 |
| 79 local function send_options_headers(request) | |
| 80 if cross_domain == nil then | |
| 81 local host = request.headers.host and request.headers.host:match("^[^:]+"); | |
| 82 if hosts[host] then | |
| 83 http_options.headers["Access-Control-Allow-Origin"] = "http://"..host; | |
| 84 else | |
| 85 return http_denied_options; -- We don't want to reveal the hosts we serve | |
| 86 end | |
| 87 end | |
| 88 return http_options; | |
| 89 end | |
| 90 | |
| 91 function handle_request(method, body, request) | 79 function handle_request(method, body, request) |
| 92 if (not body) or request.method ~= "POST" then | 80 if (not body) or request.method ~= "POST" then |
| 93 if request.method == "OPTIONS" then | 81 if request.method == "OPTIONS" then |
| 94 return send_options_headers(request); | 82 return { headers = default_headers, body = "" }; |
| 95 else | 83 else |
| 96 return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; | 84 return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; |
| 97 end | 85 end |
| 98 end | 86 end |
| 99 if not method then | 87 if not method then |
