| Commit message | Author | Age | Files | Lines |
Reminder to update the configuration if the change is to be permanent.
|
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
|
Prefer over X-Forwarded-* since it has an actual specification.
Main practical difference is that Forwarded may carry more properties
than only the IP address since it is a structured header.
Since we parse it into an array, it is easier to do the logical thing
and iterate backwards through proxies until an untrusted one is
encountered. Compare the handling of X-Forwarded-For.
The 'secure' field now accounts for the full chain of proxies, which
must be secure all the way to be considered secure.
|
There are hints that this format might be used in X-Forwarded-For as
well, so best handle it everywhere. Strips both brackets and optional
port number.
|
Standardized and structured replacement for the X-Forwarded-For,
X-Forwarded-Proto set of headers.
Notably, this allows per-hop protocol information, unlike
X-Forwarded-Proto which is always a single value for some reason.
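
The Forwarded handling described in the commit messages above (parsing the structured header, stripping brackets and port, walking the proxy chain backwards and tracking 'secure' per hop), as an added Lua example that is not Prosody's code. The names `trusted_proxies`, `normalize_ip`, `parse_forwarded` and `resolve_client` are hypothetical, `peer_secure` is assumed to say whether the link from the last proxy to this server counts as secure, and the sample headers are constructed.

```lua
-- Added example, not Prosody's code; all names here are hypothetical.
-- Constructed policy: addresses of the reverse proxies this server trusts.
local trusted_proxies = { ["127.0.0.1"] = true, ["10.0.0.5"] = true }

-- Strip [brackets] and an optional :port from a Forwarded "for" value.
local function normalize_ip(node)
	return node:match("^%[([%x:.]+)%]") or node:match("^(%d+%.%d+%.%d+%.%d+)") or node
end

-- Parse a Forwarded header into an array of hops, each a table keyed by
-- lowercased parameter name. Simplification: backslash escapes inside
-- quoted strings are not handled.
local function parse_forwarded(header)
	local hops, hop, pos = {}, {}, 1
	while pos <= #header do
		local key, after = header:match("^[%s;]*([%w_%-]+)=()", pos)
		if not key then return nil end -- malformed: use nothing rather than guess
		local value, next_pos = header:match('^"([^"]*)"()', after)
		if not value then value, next_pos = header:match("^([^%s;,]*)()", after) end
		hop[key:lower()] = value
		local sep
		sep, pos = header:match("^%s*([;,]?)%s*()", next_pos)
		if sep == "," or pos > #header then hops[#hops + 1] = hop; hop = {} end
	end
	return hops
end

-- Start from the TCP peer and walk the hops right to left. An element is
-- only believed while the address that delivered it is a trusted proxy.
local function resolve_client(peer_ip, peer_secure, forwarded)
	local ip, secure = peer_ip, peer_secure
	local hops = forwarded and parse_forwarded(forwarded)
	if not hops then return ip, secure end
	for i = #hops, 1, -1 do
		if not trusted_proxies[ip] then break end
		local hop = hops[i]
		if not hop["for"] then break end
		secure = secure and hop.proto == "https" -- every believed hop must be HTTPS
		ip = normalize_ip(hop["for"])
	end
	return ip, secure
end

-- Constructed samples. In the first, the leftmost element arrived with the
-- client's own request; the walk stops at the untrusted address before it.
print(resolve_client("127.0.0.1", true,
	'for=10.9.9.9;proto=https, for=203.0.113.50;proto=https, for=10.0.0.5;proto=https'))
print(resolve_client("127.0.0.1", true,
	'for="[2001:db8::1]:4711";proto=http, for=10.0.0.5;proto=https'))
```
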
|
Backs out 895a82c5d8d4 because __freeze already added in a96a2fbcc6c0
|
Where gethostname or tohostname returns an invalid name, e.g. containing
underscores or something, to_ascii would reject this and return nil,
which triggers an error in the dns lookup.
Reported by prova2 in the chat, for whom tohostname returned a long name
containing underscores.
|
Useful to have this info available when juggling metrics, e.g. to
see if things changed between versions.
|
Module was removed in 0.8.0 in c52b06de9b27
|
Eases locating the request in logs
|
Further isolates LuaSec from Prosody core, with the ultimate goal of
allowing LuaSec to be replaced more easily.
|
Further isolates LuaSec from Prosody core, with the ultimate goal of
allowing LuaSec to be replaced more easily.
|
Rationale: See diffstat
When this module is imported, it ends up calling stty via term_width()
in util.human.io.table(). When this happens outside of a terminal, the
following message is sent to stdout:
stty: 'standard input': Inappropriate ioctl for device
Not importing this module avoids that.
Furthermore there is value in this module having minimal dependencies as
they might not be available when it does the checks.
Ref a1fed82c44b9
|
Previously the kvsep before and after the kvpairs would have been
included in kvpairs, which is incorrect but should be harmless.
|
Could be used to implement custom connection methods (c.f. mod_onions)
without needing to duplicate the rest of route_to_new_session().
Adds a feature to enable detection since it can be difficult to detect
support for an event otherwise.
|
It is not part of the "real" module API, but used in various places.
Extending the API seems hard to describe in a type-safe way.
|
To help with configuring reverse proxies.
|
This could be of help when configuring reverse proxies, as it is the
internal URL the proxy must point at.
Argument treated as an enum "internal" "external"(default) to allow for
future extensibility.
|
A test case was added in the middle, so all these need to be reordered.
|
Mirroring debug:events("http"), and to replace the "Firing event: GET /"
log lines in net.http.server
|
Missing feature. It should behave like debug:events()
|
Since these are noisy and we have the thing in util.helpers to log
events fired.
The new status line events are meant to replace these as they include
more useful info.
|
Points out the beginning and end of a request.
|
Goal is to improve tracking of individual HTTP requests throughout its
life-cycle. Having a single ID to use in logging should help here.
|
If a grant does not have a role, we should not go and make one up.
While not very useful for XMPP if you can't even login, it may be useful
for OAuth2/OIDC.
|
Such a session triggers errors in module:may or other places since it is
generally expected that a session must have a role.
|
Since throwing a pile of 'access denied', even at debug level, seems
akin to calling wolf :)
Cutting down on debug noise is also good.
Passing a flag instead of using module:could seemed easier here.
|
Caused by roles changing from table|nil to always table in c2616274bef7
|
Closing the session invokes ondisconnect and session close logic,
including mod_smacks hibernation and the timer that destroys the session
after a timeout.
By closing the connection after it has been detached from the sessions
table it will no longer invoke the ondetach handler, which should
prevent the above problem.
|
The (still not published) XEP-xxxx: Stream Limits Advertisement uses the
element <max-bytes/> to advertise the maximum octet size of top level
stream elements. "size" was probably a leftover of an even earlier
version of the (Proto)XEP.
|
This timer shouldn't kick in in the middle of active mode.
|
It should not be there afterwards. Noticed that it seems to fire some
time after resumption claiming that the queue size is nil, implying
that it may hold a reference to an expired session somehow.
|
Removes some dead code and hopefully simplifies a bit.
There's a tree of possibilities with the two tri-state status
properties, something like
chain:
* nil -- cert validation disabled?
* invalid -- something wrong with the chain (including ee cert)
* valid -- chain ok
cert:
* nil -- incomplete validation??
* invalid -- mismatched names or such
* valid -- all good!
|
Like 'pattern' but uses Lua patterns instead of Regular Expressions,
since only a subset of regex are also valid Lua patterns.
|
'patternProperties'
Previous version of this patch used 'patternProperties' but that would
only work with simpler ECMA-262 regular expressions that are also valid Lua
patterns.
|
This doesn't fail because of additionalProperties, looks more like some
issue with recursive definitions and util.jsonpointer that I don't
feel like investigating now.
|
It's defined as an object mapping regex to schema, not a single schema
|
Checks that it doesn't fail on a stanza without <error> tag
|