Merge pull request #218 from bshamblen/master

Add option to disable CORS headers
sockjs · Oct 12, 2017 · 1e86fe5 · 1e86fe5
2 parents 5dae15a + 81b5683
commit 1e86fe5
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -156,6 +156,13 @@ Where `options` is a hash which can contain:
   connection have not been seen for a while. This delay is configured
   by this setting. By default the `close` event will be emitted when a
   receiving connection wasn't seen for 5 seconds.  </dd>
+
+<dt>disable_cors (boolean)</dt>
+<dd>Enabling this option will prevent
+  <a href="https://en.wikipedia.org/wiki/Cross-origin_resource_sharing">CORS</a>
+  headers from being included in the HTTP response. Can be used when the
+  sockjs client is known to be connecting from the same origin as the 
+  sockjs server.</dd>
 </dl>
 
 

diff --git a/src/chunking-test.coffee b/src/chunking-test.coffee
@@ -33,7 +33,7 @@ exports.app =
     info: (req, res, _) ->
         info = {
             websocket: @options.websocket,
-            origins: ['*:*'],
+            origins: ['*:*'] unless @options.disable_cors,
             cookie_needed: not not @options.jsessionid,
             entropy: utils.random32(),
         }

diff --git a/src/trans-xhr.coffee b/src/trans-xhr.coffee
@@ -57,6 +57,9 @@ exports.app =
         return true
 
     xhr_cors: (req, res, content) ->
+        if @options.disable_cors
+            return content
+
         if !req.headers['origin']
             origin = '*'
         else