author | Kim Alvefur <zash@zash.se> | 2021-02-18 10:00:56 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-02-18 10:00:56 +0100 |
commit | 362c228c47eb0b48b780d0844ac5321381e4f207 (patch) | |
tree | 3d37e6c7a34e2c877af37eb28ba9f04061d07a9f | |
parent | 4b4636ae65f6876ebbbfb8dc066cb03b21b39c17 (diff) | |
mod_http: Consider x-forwarded-proto from trusted proxies
Should be better than setting consider_{bosh,websocket}_secure as that
may end up causing actually insecure requests to be considered secure.
Doing it here, as with IP, should make this apply to all HTTP modules.
-rw-r--r-- | plugins/mod_http.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 408e401e..3d2c4443 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -259,6 +259,10 @@ module:wrap_object_event(server._events, false, function (handlers, event_name,
 if request and is_trusted_proxy(request.conn:ip()) then
 -- Not included in eg http-error events
 request.ip = get_ip_from_request(request);
+
+ if not request.secure and request.headers.x_forwarded_proto == "https" then
+ request.secure = true;
+ end
 end
 return handlers(event_name, event_data);
 end); |
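Review bot: The added `request.headers.x_forwarded_proto == "https"` check is only as trustworthy as the proxy's handling of that header: it assumes every address accepted by `is_trusted_proxy` overwrites or strips a client-supplied X-Forwarded-Proto. A proxy that sets only the forwarded-for header and passes the rest through unchanged would let a plaintext request end up with `request.secure = true`. Nothing in the hunk states that requirement, so I would add a comment above the new `if`, for example `-- Trusted proxies MUST overwrite X-Forwarded-Proto; a passed-through client value would mark a plaintext request as secure`, and repeat it wherever the trusted-proxy setting is documented. The comparison is exact, so a list value such as `https, http` or a differently cased value leaves the request non-secure, which fails closed and is worth noting in the same comment. The callback's opening lines are outside the hunk, so how `request` is obtained is not visible here.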