From 347746f8895029ac48ae2eb02a627d3edc40c85c Mon Sep 17 00:00:00 2001 From: Brian Shamblen Date: Mon, 7 Nov 2016 10:08:37 -0800 Subject: [PATCH 1/5] Add option to disable CORS headers --- src/chunking-test.coffee | 2 +- src/trans-xhr.coffee | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/chunking-test.coffee b/src/chunking-test.coffee index 7bb202a7..724b6635 100644 --- a/src/chunking-test.coffee +++ b/src/chunking-test.coffee @@ -33,7 +33,7 @@ exports.app = info: (req, res, _) -> info = { websocket: @options.websocket, - origins: ['*:*'], + origins: ['*:*'] unless @options.disable_cors, cookie_needed: not not @options.jsessionid, entropy: utils.random32(), } diff --git a/src/trans-xhr.coffee b/src/trans-xhr.coffee index 5b0ddcac..04c4c06b 100644 --- a/src/trans-xhr.coffee +++ b/src/trans-xhr.coffee @@ -57,6 +57,9 @@ exports.app = return true xhr_cors: (req, res, content) -> + if @options.disable_cors + return + if !req.headers['origin'] origin = '*' else From 9830979695a3814b30959223f94eb0ecb900d346 Mon Sep 17 00:00:00 2001 From: Brian Shamblen Date: Mon, 7 Nov 2016 10:27:18 -0800 Subject: [PATCH 2/5] Update README to include disable_cors option --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 7442c93c..29870c96 100644 --- a/README.md +++ b/README.md @@ -156,6 +156,13 @@ Where `options` is a hash which can contain: connection have not been seen for a while. This delay is configured by this setting. By default the `close` event will be emitted when a receiving connection wasn't seen for 5 seconds. + +
disable_cors (boolean)
+
Enabling this option will prevent + CORS + headers from being included in the HTTP response. Can be used when the + sockjs client is know to be connecting from the same domain as the + sockjs server.
From 054fec1148115f5ee902c68f131cb21dfae6baaa Mon Sep 17 00:00:00 2001 From: Brian Shamblen Date: Tue, 22 Nov 2016 08:46:46 -0800 Subject: [PATCH 3/5] Return content when disable_cors is set --- src/trans-xhr.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/trans-xhr.coffee b/src/trans-xhr.coffee index 04c4c06b..bb3745c0 100644 --- a/src/trans-xhr.coffee +++ b/src/trans-xhr.coffee @@ -58,7 +58,7 @@ exports.app = xhr_cors: (req, res, content) -> if @options.disable_cors - return + return content if !req.headers['origin'] origin = '*' From ac3893fb92e5a8482586eeea693e0adee6218ac9 Mon Sep 17 00:00:00 2001 From: Brian Shamblen Date: Fri, 20 Jan 2017 08:55:36 -0800 Subject: [PATCH 4/5] Documentation modifications --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7a9b30c3..c6cc4f0b 100644 --- a/README.md +++ b/README.md @@ -159,9 +159,9 @@ Where `options` is a hash which can contain:
disable_cors (boolean)
Enabling this option will prevent - CORS + CORS headers from being included in the HTTP response. Can be used when the - sockjs client is know to be connecting from the same domain as the + sockjs client is know to be connecting from the same origin as the sockjs server.
From 81b56831def3c8eabd1a9a9a657aa551792941b7 Mon Sep 17 00:00:00 2001 From: Brian Shamblen Date: Mon, 13 Feb 2017 14:36:10 -0800 Subject: [PATCH 5/5] Fix type-o --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c6cc4f0b..018588ca 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ Where `options` is a hash which can contain:
Enabling this option will prevent CORS headers from being included in the HTTP response. Can be used when the - sockjs client is know to be connecting from the same origin as the + sockjs client is known to be connecting from the same origin as the sockjs server.