author | Kim Alvefur <zash@zash.se> | 2021-02-27 21:37:56 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-02-27 21:37:56 +0100 |
commit | 4b60587e758ebc7f76137ec34139737ff3564902 (patch) | |
tree | 6b805eef31f388bb18005701712e40d14871082d | |
parent | 2acba6238860aaf3e323b12ddcd6d89d6644b486 (diff) | |
mod_http: Consolidate handling of proxied connection details
Trying to move everything relating to proxies and X-Forwarded-Foo into a
single place.
-rw-r--r-- | plugins/mod_http.lua | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index d81f4ab7..682d5ae3 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -259,10 +259,11 @@ local function is_trusted_proxy(ip)
 return false
 end
 
-local function get_ip_from_request(request)
+local function get_forwarded_connection_info(request) --> ip:string, secure:boolean
 local ip = request.ip;
+ local secure = request.secure; -- set by net.http.server
 local forwarded_for = request.headers.x_forwarded_for;
- if forwarded_for and is_trusted_proxy(ip) then
+ if forwarded_for then
 -- luacheck: ignore 631
 -- This logic looks weird at first, but it makes sense.
 -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`.
@@ -278,18 +279,17 @@ local function get_ip_from_request(request)
 end
 end
 end
- return ip;
+
+ secure = secure or request.headers.x_forwarded_proto == "https";
+
+ return ip, secure;
 end
 
 module:wrap_object_event(server._events, false, function (handlers, event_name, event_data)
 local request = event_data.request;
- if request then
+ if request and is_trusted_proxy(request.ip) then
 -- Not included in eg http-error events
- request.ip = get_ip_from_request(request);
-
- if not request.secure and request.headers.x_forwarded_proto == "https" and is_trusted_proxy(request.conn:ip()) then
- request.secure = true;
- end
+ request.ip, request.secure = get_forwarded_connection_info(request);
 end
 return handlers(event_name, event_data);
 end); |
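Review bot: `get_forwarded_connection_info` no longer checks the peer itself, because `is_trusted_proxy(ip)` was dropped from the `if forwarded_for` condition and the only remaining check is the caller's guard in the second hunk. Both `X-Forwarded-For` and `X-Forwarded-Proto` are client-supplied, so any later caller that omits that guard would accept a spoofed address and a spoofed `secure` flag. I would state the precondition above the function, e.g. `-- Precondition: caller has verified is_trusted_proxy(request.ip); forwarded headers are untrusted otherwise`. The function body continues outside this hunk.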
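Review bot: The new guard `is_trusted_proxy(request.ip)` keys the trust decision on a field that the very next assignment overwrites, whereas the removed `x_forwarded_proto` check used `request.conn:ip()`. If this wrapper runs more than once for the same request (not visible here), later passes would evaluate the rewritten address instead of the socket peer, so the result depends on what the first pass stored. Keying the guard on the connection keeps the decision tied to the actual peer: `if request and is_trusted_proxy(request.conn:ip()) then`. Confirm that `request.conn` is set for every event that carries a request before making that change.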