Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

node-xmpp-bosh should allow for a dynamic Access-Control-Allow-Origin response based on the request header Origin #121

Open
gerges-zz opened this issue Aug 5, 2015 · 0 comments · May be fixed by #122
Open

node-xmpp-bosh should allow for a dynamic Access-Control-Allow-Origin response based on the request header Origin #121

gerges-zz opened this issue Aug 5, 2015 · 0 comments · May be fixed by #122

Comments

@gerges-zz
Copy link

Currently node-xmpp-bosh sets the Access-Control-Allow-Origin header to the wild-card character * and allows the user to configure static set of headers.

In cases where Access-Control-Allow-Credentials is specified as true, a value of * isn't permitted (see [step 3 in section 6.1](Simple Cross-Origin Request, Actual Request, and Redirects)). As Access-Control-Allow-Origin doesn't allow for a wildcard sub-domain it's beneficial in that case to allow the Access-Control-Allow-Origin to echo the Origin specified on the request, which is common practice

I'd like to PR in a config flag that allows this, and noticed this project hadn't been touched in a while. Is it still maintained, and if so, would you be open to this change?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improved support for Access-Control-Allow-Origin header.
1 participant
@gerges-zz