Normally to do cross-domain http bind connections, proxies or Flash are needed to get around the same origin policy for browser ajax requests. The W3C has put forward a recommendation called Cross-Origin Resource Sharing (, which allows web services to authorize cross-domain requests from browsers. Firefox 3.5+, Safari, and Chrome all support this standard.

      This patch adds support for OPTIONS requests, which are needed for CORS pre-flighting, and adds several CORS HTTP headers to http bind requests.

      It allows browsers to make direct, cross-domain requests to mod_http_bind without the need for flash or proxies. This makes it much easier to get started with XMPP web development.


        metajack jack Moffitt created issue -
        metajack jack Moffitt made changes -
        Field Original Value New Value
        Attachment ejabberd-cors.patch [ 15746 ]
        metajack jack Moffitt made changes -
        Patch Patch Awaiting Integration
        badlop Badlop made changes -
        Assignee Badlop [ badlop ]
        badlop Badlop made changes -
        Summary cross-domain http bind support Cross-domain HTTP-Bind support
        Fix Version/s ejabberd 2.1.3 [ 10453 ]
        Fix Version/s ejabberd 3.0.0-alpha [ 10240 ]
        badlop Badlop made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ] Mickaël Rémond made changes -
        Link This issue is cloned by EJABS-1494 [ EJABS-1494 ] Mickaël Rémond made changes -
        Workflow development v3 [ 70974 ] Development v4 [ 81340 ]


          • Votes:
            1 Vote for this issue
            3 Start watching this issue


            • Created: