mod_websocket: Inherit security status from http request

Allows requests considered secure becasue of a proxy header to carry over to the client session. mod_bosh does this too.
author: Kim Alvefur <zash@zash.se> 2021-02-18 10:05:30 +0100
committer: Kim Alvefur <zash@zash.se> 2021-02-18 10:05:30 +0100
commit: 231e87ab054addeb2433ecf6f87b54c641bd8865 (patch)
tree: 896224f103cef3ab73c4120ec8a3963b2eddc56f /plugins
parent: 362c228c47eb0b48b780d0844ac5321381e4f207 (diff)
download: prosody-231e87ab054addeb2433ecf6f87b54c641bd8865.tar.gz
prosody-231e87ab054addeb2433ecf6f87b54c641bd8865.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index 7a5f2d03..e70b907d 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -266,7 +266,7 @@ function handle_request(event)
 	-- See mod_http and #540
 	session.ip = request.ip;
 
-	session.secure = consider_websocket_secure or session.secure;
+	session.secure = consider_websocket_secure or request.secure or session.secure;
 	session.websocket_request = request;
 
 	session.open_stream = session_open_stream;
author	Kim Alvefur <zash@zash.se>	2021-02-18 10:05:30 +0100
committer	Kim Alvefur <zash@zash.se>	2021-02-18 10:05:30 +0100
commit	231e87ab054addeb2433ecf6f87b54c641bd8865 (patch)
tree	896224f103cef3ab73c4120ec8a3963b2eddc56f /plugins
parent	362c228c47eb0b48b780d0844ac5321381e4f207 (diff)
download	prosody-231e87ab054addeb2433ecf6f87b54c641bd8865.tar.gz prosody-231e87ab054addeb2433ecf6f87b54c641bd8865.zip