# What steps will reproduce the problem?
1. Set cross_domain_bosh = true
2. Send a stanza with unknown host to your bosh interface
2. Inspect the response header
# What is the expected output? What do you see instead?
I expect to see CORS headers like Access-Control-Allow-Origin
# What version of the product are you using? On what operating system?
0.9.12
# Please provide any additional information below.
## Here an example of the error if you send a stanza to a wrong host:
curl -v -d "<body rid='3299922459' xmlns='http://jabber.org/protocol/httpbind' to='xmpp-test.uni-konstanz.de' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>" https://xmpp-test.kim.uni-konstanz.de:5280/http-bind/
* Connected to xmpp-test.kim.uni-konstanz.de (134.34.205.79) port 5280 (#0)
...
* ALPN, server did not agree to a protocol
> POST /http-bind/ HTTP/1.1
> Host: xmpp-test.kim.uni-konstanz.de:5280
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 223
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 223 out of 223 bytes
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 141
< Date: Tue, 23 May 2017 12:51:22 GMT
<
* Connection #0 to host xmpp-test.kim.uni-konstanz.de left intact
<body xmlns:stream='http://etherx.jabber.org/streams' type='terminate' condition='host-unknown' xmlns='http://jabber.org/protocol/httpbind'/>
## Here you see how the response looks with a valid host:
curl -v -d "<body rid='3299922459' xmlns='http://jabber.org/protocol/httpbind' to='xmpp-test.kim.uni-konstanz.de' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>" https://xmpp-test.kim.uni-konstanz.de:5280/http-bind/
Connected to xmpp-test.kim.uni-konstanz.de (134.34.205.79) port 5280 (#0)
...
* ALPN, server did not agree to a protocol
> POST /http-bind/ HTTP/1.1
> Host: xmpp-test.kim.uni-konstanz.de:5280
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 227
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 227 out of 227 bytes
< HTTP/1.1 200 OK
< Access-Control-Max-Age: 7200
< Access-Control-Allow-Methods: GET, POST, OPTIONS
< Access-Control-Allow-Headers: Content-Type
< Content-Length: 491
< Access-Control-Allow-Origin: *
< Content-Type: text/xml; charset=utf-8
...
# What steps will reproduce the problem? 1. Set cross_domain_bosh = true 2. Send a stanza with unknown host to your bosh interface 2. Inspect the response header # What is the expected output? What do you see instead? I expect to see CORS headers like Access-Control-Allow-Origin # What version of the product are you using? On what operating system? 0.9.12 # Please provide any additional information below. ## Here an example of the error if you send a stanza to a wrong host: curl -v -d "<body rid='3299922459' xmlns='http://jabber.org/protocol/httpbind' to='xmpp-test.uni-konstanz.de' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>" https://xmpp-test.kim.uni-konstanz.de:5280/http-bind/ * Connected to xmpp-test.kim.uni-konstanz.de (134.34.205.79) port 5280 (#0) ... * ALPN, server did not agree to a protocol > POST /http-bind/ HTTP/1.1 > Host: xmpp-test.kim.uni-konstanz.de:5280 > User-Agent: curl/7.47.0 > Accept: */* > Content-Length: 223 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 223 out of 223 bytes < HTTP/1.1 200 OK < Connection: Keep-Alive < Content-Length: 141 < Date: Tue, 23 May 2017 12:51:22 GMT < * Connection #0 to host xmpp-test.kim.uni-konstanz.de left intact <body xmlns:stream='http://etherx.jabber.org/streams' type='terminate' condition='host-unknown' xmlns='http://jabber.org/protocol/httpbind'/> ## Here you see how the response looks with a valid host: curl -v -d "<body rid='3299922459' xmlns='http://jabber.org/protocol/httpbind' to='xmpp-test.kim.uni-konstanz.de' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>" https://xmpp-test.kim.uni-konstanz.de:5280/http-bind/ Connected to xmpp-test.kim.uni-konstanz.de (134.34.205.79) port 5280 (#0) ... * ALPN, server did not agree to a protocol > POST /http-bind/ HTTP/1.1 > Host: xmpp-test.kim.uni-konstanz.de:5280 > User-Agent: curl/7.47.0 > Accept: */* > Content-Length: 227 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 227 out of 227 bytes < HTTP/1.1 200 OK < Access-Control-Max-Age: 7200 < Access-Control-Allow-Methods: GET, POST, OPTIONS < Access-Control-Allow-Headers: Content-Type < Content-Length: 491 < Access-Control-Allow-Origin: * < Content-Type: text/xml; charset=utf-8 ...
This might have been fixed in https://hg.prosody.im/0.10/rev/f7f667c48d9a Since those headers are applied earlier, they should be on all requests, including those where the connection is terminated. However after https://hg.prosody.im/0.10/rev/020c5cd6eb28 you won't see them unless you include the Origin header, like a web browser would.
Changes