diff options
author | Kim Alvefur <zash@zash.se> | 2023-06-03 21:53:20 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-06-03 21:53:20 +0200 |
commit | 16381e754de9c633c080784286ff2b141299e136 (patch) | |
tree | 2a2bf0e4d16d58524f63e58da293420d6890d977 /plugins/mod_auth_ldap.lua | |
parent | 8c92b32b7aa5b1457663bf39c4891fcc11fce8e5 (diff) | |
download | prosody-16381e754de9c633c080784286ff2b141299e136.tar.gz prosody-16381e754de9c633c080784286ff2b141299e136.zip |
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
Diffstat (limited to 'plugins/mod_auth_ldap.lua')
0 files changed, 0 insertions, 0 deletions