aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-02-27 21:07:36 +0100
committerKim Alvefur <zash@zash.se>2021-02-27 21:07:36 +0100
commitd8bcee69f3b287f8948604e72f76cf543cac33a0 (patch)
tree989e511b3597c2009e0961c7c6d95fe6ccb85a43 /plugins
parentdfaf43cc3f4219d14c633a0e047d65dcc965b862 (diff)
parentaa9e2741d5555d7188b7559b3c089f66ca54e528 (diff)
downloadprosody-d8bcee69f3b287f8948604e72f76cf543cac33a0.tar.gz
prosody-d8bcee69f3b287f8948604e72f76cf543cac33a0.zip
Merge 0.11->trunk
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_http.lua6
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 8701016e..b9a76c90 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -262,7 +262,7 @@ end
local function get_ip_from_request(request)
local ip = request.conn:ip();
local forwarded_for = request.headers.x_forwarded_for;
- if forwarded_for then
+ if forwarded_for and is_trusted_proxy(ip) then
-- luacheck: ignore 631
-- This logic looks weird at first, but it makes sense.
-- The for loop will take the last non-trusted-proxy IP from `forwarded_for`.
@@ -283,11 +283,11 @@ end
module:wrap_object_event(server._events, false, function (handlers, event_name, event_data)
local request = event_data.request;
- if request and is_trusted_proxy(request.conn:ip()) then
+ if request then
-- Not included in eg http-error events
request.ip = get_ip_from_request(request);
- if not request.secure and request.headers.x_forwarded_proto == "https" then
+ if not request.secure and request.headers.x_forwarded_proto == "https" and is_trusted_proxy(request.conn:ip()) then
request.secure = true;
end
end