diff options
author | Kim Alvefur <zash@zash.se> | 2021-02-27 21:07:36 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-02-27 21:07:36 +0100 |
commit | d8bcee69f3b287f8948604e72f76cf543cac33a0 (patch) | |
tree | 989e511b3597c2009e0961c7c6d95fe6ccb85a43 | |
parent | dfaf43cc3f4219d14c633a0e047d65dcc965b862 (diff) | |
parent | aa9e2741d5555d7188b7559b3c089f66ca54e528 (diff) | |
download | prosody-d8bcee69f3b287f8948604e72f76cf543cac33a0.tar.gz prosody-d8bcee69f3b287f8948604e72f76cf543cac33a0.zip |
Merge 0.11->trunk
-rw-r--r-- | plugins/mod_http.lua | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 8701016e..b9a76c90 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -262,7 +262,7 @@ end local function get_ip_from_request(request) local ip = request.conn:ip(); local forwarded_for = request.headers.x_forwarded_for; - if forwarded_for then + if forwarded_for and is_trusted_proxy(ip) then -- luacheck: ignore 631 -- This logic looks weird at first, but it makes sense. -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`. @@ -283,11 +283,11 @@ end module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) local request = event_data.request; - if request and is_trusted_proxy(request.conn:ip()) then + if request then -- Not included in eg http-error events request.ip = get_ip_from_request(request); - if not request.secure and request.headers.x_forwarded_proto == "https" then + if not request.secure and request.headers.x_forwarded_proto == "https" and is_trusted_proxy(request.conn:ip()) then request.secure = true; end end |