aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-02-18 10:00:56 +0100
committerKim Alvefur <zash@zash.se>2021-02-18 10:00:56 +0100
commit362c228c47eb0b48b780d0844ac5321381e4f207 (patch)
tree3d37e6c7a34e2c877af37eb28ba9f04061d07a9f /plugins
parent4b4636ae65f6876ebbbfb8dc066cb03b21b39c17 (diff)
downloadprosody-362c228c47eb0b48b780d0844ac5321381e4f207.tar.gz
prosody-362c228c47eb0b48b780d0844ac5321381e4f207.zip
mod_http: Consider x-forwarded-proto from trusted proxies
Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_http.lua4
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 408e401e..3d2c4443 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -259,6 +259,10 @@ module:wrap_object_event(server._events, false, function (handlers, event_name,
if request and is_trusted_proxy(request.conn:ip()) then
-- Not included in eg http-error events
request.ip = get_ip_from_request(request);
+
+ if not request.secure and request.headers.x_forwarded_proto == "https" then
+ request.secure = true;
+ end
end
return handlers(event_name, event_data);
end);