aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_bosh.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-02-21 06:18:22 +0100
committerKim Alvefur <zash@zash.se>2021-02-21 06:18:22 +0100
commitd18348b578ab72b09840fedfc58d7b6de5fb53b5 (patch)
treef6dff3371152edf2c1855c3f6bd1d20df7551005 /plugins/mod_bosh.lua
parent5860017b9f13b7849ac62cb532b8f8a6ffb45bea (diff)
downloadprosody-d18348b578ab72b09840fedfc58d7b6de5fb53b5.tar.gz
prosody-d18348b578ab72b09840fedfc58d7b6de5fb53b5.zip
mod_bosh: Include warning if endpoint accessed insecurely (#1172)
This is to make it obvious if a misconfigured a proxy or the request really is insecure. Perhaps it should also check c2s_require_encryption?
Diffstat (limited to 'plugins/mod_bosh.lua')
-rw-r--r--plugins/mod_bosh.lua1
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index db281fcd..0fbf3037 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -536,6 +536,7 @@ local function GET_response(event)
---
title = "Prosody BOSH endpoint";
message = "It works! Now point your BOSH client to this URL to connect to Prosody.";
+ warning = not (consider_bosh_secure or event.request.secure) and "This endpoint is not considered secure!" or nil;
-- <p>For more information see <a href="https://prosody.im/doc/setting_up_bosh">Prosody: Setting up BOSH</a>.</p>
}) or "This is the Prosody BOSH endpoint.";
end