view mod_csi_simple_compat/mod_csi_simple_compat.lua @ 5548:fd3c12c40cd9

mod_http_oauth2: Disable CORS for authorization endpoint Per recommendation in draft-ietf-oauth-security-topics-23 Hopefully it is enough to return an error status, since mod_http will add CORS headers from a handler with higher priority, even for OPTIONS.
author Kim Alvefur <zash@zash.se>
date Fri, 16 Jun 2023 00:05:57 +0200
parents fcea7cf91702
children
line wrap: on
line source

local st = require "util.stanza";

local important_payloads = module:get_option_set("csi_important_payloads", { });

module:hook("csi-is-stanza-important", function (event)
	local stanza = event.stanza;
	if st.is_stanza(stanza) then
		for important in important_payloads do
			if stanza:find(important) then
				return true;
			end
		end
	end
end);