search

hellozedan / node-xmpp-bosh

Automatically exported from code.google.com/p/node-xmpp-bosh
0 stars 0 forks source link

Not supported cross-domain requests through the addition of flash. #22

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Not supported cross-domain requests through the addition of flash. 
This is necessary if you use the plug strophe.flxhr.js for the library 
strophe.

Original issue reported on code.google.com by rysh...@gmail.com on 3 Sep 2011 at 3:16

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Decided the issue as follows:
1) in file \node-xmpp-bosh\src\bosh.js add a handler for the request 
crossdomain.xml:

function handle_get_crossdomainXML(req, res, u) {
    if (req.method === 'GET' && req.url === "/crossdomain.xml") {
      res.writeHead(200, HTTP_GET_RESPONSE_HEADERS);
      var crossdomain = '<?xml version="1.0"?>';
      crossdomain += '<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">';
      crossdomain += '<cross-domain-policy>';
      crossdomain += '<site-control permitted-cross-domain-policies="all"/>';
      crossdomain += '<allow-access-from domain="*" to-ports="' + options.port + '" secure="true"/>';
      crossdomain += '<allow-http-request-headers-from domain="*" headers="*" />';
      crossdomain += '</cross-domain-policy>';
      res.end(crossdomain);
      return false;
    }
  }

2) in file \node-xmpp-bosh\src\bosh.js install a handler in a common list of 
handlers requests:

router.on('request', handle_post_bosh_request, 1)
      .on('request', handle_get_bosh_request, 2)
      .on('request', handle_options, 3)
      .on('request', handle_get_favicon, 4)
      .on('request', handle_get_statistics, 5)
      .on('request', handle_get_crossdomainXML, 6)
      .on('request', handle_unhandled_request, 7);

3) all together, see in attach file

Original comment by rysh...@gmail.com on 3 Sep 2011 at 4:04

Attachments:

GoogleCodeExporter commented 8 years ago 
Hello,

I'll be glad to add to mainline. Please could you send in a patch so that I can 
apply it. A comment in the code explaining why this is required (your initial 
comment content), with a link to this issue would also be nice. Also, have you 
run basic.js after patching to ensure that basic login, etc... still works?

Original comment by dhruvb...@gmail.com on 3 Sep 2011 at 7:27

GoogleCodeExporter commented 8 years ago

Original comment by dhruvb...@gmail.com on 3 Sep 2011 at 7:28

GoogleCodeExporter commented 8 years ago 
Does this have any security implications for other clients? If not, it can go 
in the next release.

Original comment by dhruvb...@gmail.com on 26 Sep 2011 at 1:45

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
@ryshkin: Changes have been made in the revision r455. Can you please check, 
test and confirm?

Original comment by anup.kal...@gmail.com on 7 Nov 2011 at 4:24

GoogleCodeExporter commented 8 years ago 
Closing since there has been no response from the OP

Original comment by dhruvb...@gmail.com on 21 Nov 2011 at 1:01