Mercurial > prosody-hg
comparison plugins/mod_bosh.lua @ 2484:cf924f587410
mod_bosh: Support for cross-domain access control using CORS
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 21 Jan 2010 15:07:52 +0000 |
| parents | 3f4cfa375bd6 |
| children | ace62f19076d |
comparison
equal
deleted
inserted
replaced
| 2483:2f235c57d713 | 2484:cf924f587410 |
|---|---|
| 32 local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; | 32 local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; |
| 33 | 33 |
| 34 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; | 34 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; |
| 35 local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; | 35 local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; |
| 36 | 36 |
| 37 local http_options, http_denied_options = { headers = {} }, { headers = {} }; | |
| 38 local cross_domain = module:get_option("cross_domain_bosh"); | |
| 39 if cross_domain ~= false then | |
| 40 http_options.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; | |
| 41 http_options.headers["Access-Control-Allow-Headers"] = "Content-Type"; | |
| 42 http_options.headers["Access-Control-Max-Age"] = "86400"; | |
| 43 | |
| 44 if cross_domain == true then | |
| 45 http_options.headers["Access-Control-Allow-Origin"] = "*"; | |
| 46 elseif type(cross_domain) == "table" then | |
| 47 cross_domain = table.concat(cross_domain, ", "); | |
| 48 end | |
| 49 if type(cross_domain) == "string" then | |
| 50 http_options.headers["Access-Control-Allow-Origin"] = cross_domain; | |
| 51 end | |
| 52 end | |
| 53 | |
| 37 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; | 54 local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; |
| 38 local os_time = os.time; | 55 local os_time = os.time; |
| 39 | 56 |
| 40 local sessions = {}; | 57 local sessions = {}; |
| 41 local inactive_sessions = {}; -- Sessions which have no open requests | 58 local inactive_sessions = {}; -- Sessions which have no open requests |
| 57 (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]); | 74 (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]); |
| 58 end | 75 end |
| 59 end | 76 end |
| 60 end | 77 end |
| 61 | 78 |
| 79 local function send_options_headers(request) | |
| 80 if cross_domain == nil then | |
| 81 local host = request.headers.host and request.headers.host:match("^[^:]+"); | |
| 82 if hosts[host] then | |
| 83 http_options.headers["Access-Control-Allow-Origin"] = "http://"..host; | |
| 84 else | |
| 85 return http_denied_options; -- We don't want to reveal the hosts we serve | |
| 86 end | |
| 87 end | |
| 88 return http_options; | |
| 89 end | |
| 90 | |
| 62 function handle_request(method, body, request) | 91 function handle_request(method, body, request) |
| 63 if (not body) or request.method ~= "POST" then | 92 if (not body) or request.method ~= "POST" then |
| 64 return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; | 93 if request.method == "OPTIONS" then |
| 94 return send_options_headers(request); | |
| 95 else | |
| 96 return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; | |
| 97 end | |
| 65 end | 98 end |
| 66 if not method then | 99 if not method then |
| 67 log("debug", "Request %s suffered error %s", tostring(request.id), body); | 100 log("debug", "Request %s suffered error %s", tostring(request.id), body); |
| 68 return; | 101 return; |
| 69 end | 102 end |
