Currently node-xmpp-bosh sets the Access-Control-Allow-Origin header to the wild-card character * and allows the user to configure static set of headers.
In cases where Access-Control-Allow-Credentials is specified as true, a value of * isn't permitted (see [step 3 in section 6.1](Simple Cross-Origin Request, Actual Request, and Redirects)). As Access-Control-Allow-Origin doesn't allow for a wildcard sub-domain it's beneficial in that case to allow the Access-Control-Allow-Origin to echo the Origin specified on the request, which is common practice
I'd like to PR in a config flag that allows this, and noticed this project hadn't been touched in a while. Is it still maintained, and if so, would you be open to this change?
Currently node-xmpp-bosh sets the
Access-Control-Allow-Origin
header to the wild-card character*
and allows the user to configure static set of headers.In cases where
Access-Control-Allow-Credentials
is specified astrue
, a value of*
isn't permitted (see [step 3 in section 6.1](Simple Cross-Origin Request, Actual Request, and Redirects)). AsAccess-Control-Allow-Origin
doesn't allow for a wildcard sub-domain it's beneficial in that case to allow theAccess-Control-Allow-Origin
to echo theOrigin
specified on the request, which is common practiceI'd like to PR in a config flag that allows this, and noticed this project hadn't been touched in a while. Is it still maintained, and if so, would you be open to this change?