diff options
| author | Kim Alvefur <zash@zash.se> | 2021-02-18 10:00:56 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2021-02-18 10:00:56 +0100 |
| commit | 362c228c47eb0b48b780d0844ac5321381e4f207 (patch) | |
| tree | 3d37e6c7a34e2c877af37eb28ba9f04061d07a9f /plugins/mod_http.lua | |
| parent | 4b4636ae65f6876ebbbfb8dc066cb03b21b39c17 (diff) | |
| download | prosody-362c228c47eb0b48b780d0844ac5321381e4f207.tar.gz prosody-362c228c47eb0b48b780d0844ac5321381e4f207.zip | |
mod_http: Consider x-forwarded-proto from trusted proxies
Should be better than setting consider_{bosh,websocket}_secure as that
may end up causing actually insecure requests to be considered secure.
Doing it here, as with IP, should make this apply to all HTTP modules.
Diffstat (limited to 'plugins/mod_http.lua')
| -rw-r--r-- | plugins/mod_http.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 408e401e..3d2c4443 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -259,6 +259,10 @@ module:wrap_object_event(server._events, false, function (handlers, event_name, if request and is_trusted_proxy(request.conn:ip()) then -- Not included in eg http-error events request.ip = get_ip_from_request(request); + + if not request.secure and request.headers.x_forwarded_proto == "https" then + request.secure = true; + end end return handlers(event_name, event_data); end); |