Merge pull request socketio#737 from mixu/mixu/authfix2

Supplemental fix to gavinuhma/authfix, it looks like the same Access-Control-Origin logic is needed in the http and xhr-polling transports
dnorman · Feb 3, 2012 · b662704 · b662704
2 parents 6074795 + 304a428
commit b662704
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 10 deletions.
diff --git a/lib/transports/http.js b/lib/transports/http.js
@@ -72,11 +72,8 @@ HTTPTransport.prototype.handleRequest = function (req) {
 
     if (origin) {
       // https://developer.mozilla.org/En/HTTP_Access_Control
-      headers['Access-Control-Allow-Origin'] = '*';
-
-      if (req.headers.cookie) {
-        headers['Access-Control-Allow-Credentials'] = 'true';
-      }
+      headers['Access-Control-Allow-Origin'] = origin;
+      headers['Access-Control-Allow-Credentials'] = 'true';
     }
   } else {
     this.response = req.res;

diff --git a/lib/transports/xhr-polling.js b/lib/transports/xhr-polling.js
@@ -59,11 +59,8 @@ XHRPolling.prototype.doWrite = function (data) {
 
   if (origin) {
     // https://developer.mozilla.org/En/HTTP_Access_Control
-    headers['Access-Control-Allow-Origin'] = '*';
-
-    if (this.req.headers.cookie) {
-      headers['Access-Control-Allow-Credentials'] = 'true';
-    }
+    headers['Access-Control-Allow-Origin'] = origin;
+    headers['Access-Control-Allow-Credentials'] = 'true';
   }
 
   this.response.writeHead(200, headers);