| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
This may have mistakenly caused link-local addresses to be considered
global. May have caused mod_s2s and prosodyctl check dns to behave
incorrectly on networks using link-local IPv4 addresses. By my
guesstimate, these are extremely rare. Probably minimal impact beyond
a bit longer to establish s2s and some possible confusion from
prosodyctl check dns results.
Ref RFC 3927
|
|
|
|
| |
It will do nothing in a VirtualHost section for example.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally added in 202b9951b037 but util.pubsub gained a better method
in 6c2c2fc4b8dd since then, which mod_pep uses since 9194431b6447 which
should have deleted this.
All these :create calls would have failed with a 'conflict' error, since
the nodes had already been created. This was never noticed because of
missing error handling.
Also note that this code did not restore node configuration.
|
|
|
|
|
| |
This should not be possible, but a traceback indicating node_data being
nil here was reported by Ron in the chat.
|
| |
|
|
|
|
|
|
|
| |
Backs out 1d0862814bfc and 2fdd71b08126
Largely unused, undocumented and did not have enough tests to provide
confidence in its correct operation.
|
| |
|
| |
|
|
|
|
|
| |
Previously no 'proxy65_acl' option would allow unrestricted access by local or
remote JIDs.
|
| |
|
| |
|
| |
|
|
|
|
| |
This requires LuaSec 0.7+ and OpenSSL 1.1.1+
|
| |
|
| |
|
|
|
|
|
| |
Due to a bug this field was not properly exported before
See https://github.com/brunoos/luasec/issues/149
|
|
|
|
|
|
|
| |
stream
This may be useful for any plugins that want to experiment with different policies
for stanza size limits (e.g. unauthenticated vs authenticated streams).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The de-facto interpretation of this (undocumented) option is to indicate to
the client whether it is allowed to invite other users to the MUC.
This is differs from the existing option in our config form, which only
controls the behaviour of sending of invites in a members-only MUC (we always
allow invites in open rooms).
Conversations is one client known to use this disco#info item to determine
whether it may send invites.
|
|
|
|
| |
secrets
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
stanza size limits
c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB.
These values are aligned with ejabberd's default settings, which should reduce
issues related to inconsistent size limits between servers on the XMPP network.
The previous default (10MB) is excessive for any production server, and allows
significant memory usage by even unauthenticated sessions.
|
|
|
|
|
|
|
|
|
| |
Testing has demonstrated that the default GC parameters are not
sufficient to prevent runaway memory growth when running under Lua 5.2
and Lua 5.3.
Setting the GC speed to 500 was tested on Lua versions 5.1->5.4 and did
not display unbounded memory growth.
|
| |
|
| |
|
|
|
|
|
|
| |
This many returns deserve their own line.
`session["sasl_handler"]` style isn't used anywhere else.
|
| |
|
|
|
|
|
| |
We don't use the quoted table indexing style that often, it's not needed
here and it's enough to check for falsyness rather than `nil`.
|
|
|
|
| |
Unclear how this happens.
|
|
|
|
| |
Fixes #1515
|
|
|
|
| |
Fixes #1507
|
|
|
|
|
| |
8603011e51fe optimized out more than just the loop, leaving the .ip
field blank when the request wasn't from a proxy.
|
|
|
|
|
| |
is_trusted_proxy() is only in trunk, I dun goofed when I rebased
8603011e51fe from trunk.
|
|
|
|
|
| |
Skips doing the whole get_ip_from_request() dance if the request isn't
from a proxy at all, even if the client sent the header for some reason.
|
| |
|
|
|
|
|
| |
Noticed while discussing feature discovery in Gajim
Thanks lovetox
|
| |
|
|
|
|
| |
Thanks Ge0rG for testing
|
|
|
|
| |
Thanks tmolitor
|
|
|
|
| |
See longer explanation in 2c559953ad41
|
|
|
|
|
|
|
|
| |
This makes sure that a timer that returns 0 (or less) does not prevent
runtimers() from completing, as well as making sure a timer added with
zero timeout from within a timer does not run until the next tick.
Thanks tmolitor
|
|
|
|
|
| |
valid_utf8() takes only one argument, so the false was probably meant
to be valid_xml_cdata(text, attribute=false)
|
|
|
|
|
| |
Directly sending something over s2s needs to use sends2s() but the code
copied from mod_c2s had .send()
|
|
|
|
| |
(thanks damencho)
|
|
|
|
|
|
|
|
|
| |
This will result in the stream timing out instead, which is probably
correct if the stream has not been opened yet.
This was already done for c2s in e69df8093387
Thanks Ge0rG
|
|
|
|
| |
In some cases this method returns nothing, unclear why.
|
|
|
|
|
|
|
|
| |
The 'tls-unique' channel binding is undefined in TLS 1.3 according to a
single sentence in parenthesis in Apendix C of RFC 8446
This may trigger downgrade protection in clients that were expecting
channel binding to be available.
|
| |
|