aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_bosh.lua
Commit message (Collapse)AuthorAgeFilesLines
* mod_bosh: Set base_type on sessionMatthew Wild2024-03-171-1/+1
| | | | | This fixes a traceback with mod_saslauth. Ideally we move this to util.session at some point, though.
* mod_bosh: Include stream attributes in stream-features eventMatthew Wild2023-10-281-1/+1
| | | | | This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when used with BOSH (that module tries to use event.stream.from).
* plugins: Use integer config API with interval specification where sensibleKim Alvefur2023-07-171-1/+1
| | | | | | | Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff
* plugins: Switch to :get_option_period() for time range optionsKim Alvefur2023-07-161-3/+3
| | | | Improves readability ("1 day" vs 86400) and centralizes validation.
* plugins: Prefix module imports with prosody namespaceKim Alvefur2023-03-241-10/+10
|
* mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)Matthew Wild2022-03-281-0/+3
| | | | | | | | | The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
* mod_bosh: Only enable host-agnostic HTTP routing when enabled globallyKim Alvefur2022-02-041-1/+3
| | | | | | | This way the host-agnostic http://*:5280/ handler is not enabled, but BOSH can still be used with any local VirtualHost Ref #1712
* mod_c2s,etc: Identify stanza object with appropriate functionKim Alvefur2021-10-241-2/+2
| | | | | Better than duck typing, in case anyone ever passes a non-stanza table with a 'name' field.
* mod_bosh: Fix typo in commentKim Alvefur2021-09-191-1/+1
|
* mod_bosh,mod_websocket: Make into global-shared modules (...again)Kim Alvefur2021-06-211-10/+14
| | | | | | | | | | | | Global modules aren't quite considered loaded onto hosts, which causes confusion in some cases. They are also reported in the log as being served on http://*:5280/foo which is also a bit confusing, and can't be clicked. Global modules also have to have their paths configured in the global section, which could be confusing and unexpected. This global+shared method should be the best of both worlds.
* mod_bosh: Add todo to use util.session to create session objectKim Alvefur2021-07-291-0/+1
| | | | | So that we get single point where shared session properties can be added. But not now. One day. Maybe. Patches welcome.
* Fix various spelling errors (thanks codespell)Kim Alvefur2021-07-271-1/+1
| | | | | Also special thanks to timeless, for wordlessly reminding me to check for typos.
* Merge 0.11->trunkMatthew Wild2021-05-131-1/+2
|\
| * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default ↵Matthew Wild2021-05-071-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.
* | mod_bosh: Include warning if endpoint accessed insecurely (#1172)Kim Alvefur2021-02-211-0/+1
| | | | | | | | | | | | | | This is to make it obvious if a misconfigured a proxy or the request really is insecure. Perhaps it should also check c2s_require_encryption?
* | mod_bosh: Use message template from mod_http_errorKim Alvefur2021-02-211-11/+9
| | | | | | | | | | | | Looking Good! And most importantly, consistent.
* | mod_bosh: Count connection attempts non-VirtualHost as "bad host" (stats)Kim Alvefur2020-10-031-0/+2
| |
* | Merge 0.11->trunkKim Alvefur2020-10-031-1/+18
|\|
| * mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425)Kim Alvefur2020-10-031-0/+16
| |
| * mod_bosh: Pick out the 'wait' before checking it instead of earlierKim Alvefur2020-10-031-1/+2
| | | | | | | | | | Going to add more host related checks, so to keep the wait variable closer to the related checks
* | mod_bosh, mod_websocket: Add config options to override GET responsesMatthew Wild2020-04-201-4/+6
| |
* | mod_bosh: Abort early if request is missing hostnameKim Alvefur2019-11-021-0/+9
| | | | | | | | Prevents traceback from passing nil to nameprep()
* | plugins: Remove tostring call from loggingKim Alvefur2019-07-301-8/+8
| | | | | | | | | | | | Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()`
* | mod_bosh: Added metrics for active/inactive sessions, new BOSH sessions, ↵Arc Riley2019-05-031-2/+28
| | | | | | | | BOSH errors, and timeouts (finishes #998)
* | mod_bosh, mod_websocket: Remove accidentally included dependency on ↵Kim Alvefur2019-01-191-1/+0
| | | | | | | | non-existant module
* | mod_bosh: Drop CORS code in favor of than in mod_httpKim Alvefur2018-10-041-25/+5
|/ | | | | This deprecates the cross_domain_bosh setting. As a compat measure, if it is set, mod_http_crossdomain is loaded.
* mod_bosh: Handle missing wait attribute (fixes #1288)Kim Alvefur2019-01-101-1/+1
| | | | 250855633092 did not fix this completely.
* mod_bosh: Fire stream feature event on hosts (thanks gerald)Kim Alvefur2018-09-241-1/+1
| | | | | Since the module is now global, this event was also fired in a global context by default.
* mod_bosh: Make BOSH global again!Kim Alvefur2018-09-221-5/+2
|
* mod_bosh: Add extra debug logging to help with #1134Kim Alvefur2018-05-151-0/+6
|
* mod_bosh: Fix inconsistent whitespace [luacheck]Kim Alvefur2018-05-011-2/+2
|
* mod_bosh: Fix for 7be8f649d97d to skip error handling and allow other ↵Matthew Wild2018-04-291-3/+6
| | | | modules to handle the request
* mod_bosh: Increase number of stored responses to ensure we always keep ↵Matthew Wild2018-04-111-1/+1
| | | | responses within the rid window available
* mod_bosh: Improve connection robustness with better handling of unexpected ridsMatthew Wild2018-04-101-12/+19
|
* mod_bosh: Some additonal comments to improve code readabilityMatthew Wild2018-04-101-1/+3
|
* mod_bosh: WhitespaceMatthew Wild2018-04-101-1/+0
|
* mod_bosh: Improve logging - parse errors will now log through the session ↵Matthew Wild2018-04-101-1/+2
| | | | logger if possible
* mod_bosh: Improve logging on session close (reason may be a table with params)Matthew Wild2018-04-101-1/+1
|
* mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) ↵Kim Alvefur2018-03-151-17/+1
| | | | (fixes #540)
* mod_bosh: Return implicit 404 instead of the proper BOSH terminate thingKim Alvefur2017-12-271-6/+3
|
* mod_bosh: Limit stream to current host (fixes #371)Kim Alvefur2017-12-131-2/+1
|
* mod_bosh: Make into a normal module (fixes #402)Kim Alvefur2017-12-131-16/+12
|
* mod_bosh: Use module API to fire eventsKim Alvefur2017-12-131-2/+2
|
* mod_bosh: Use moduleapi loggerKim Alvefur2017-12-131-1/+1
|
* mod_bosh: Rename variable to avoid name clash [luacheck]Kim Alvefur2017-12-131-3/+3
|
* mod_bosh: Ignore unused argument [luacheck]Kim Alvefur2017-12-131-1/+1
|
* mod_bosh: Remove unused variable [luacheck]Kim Alvefur2017-12-131-1/+0
|
* Merge 0.10 -> trunkMatthew Wild2017-07-281-1/+1
|\
| * mod_bosh: Add ::1 to the default trusted_proxies.Emmanuel Gil Peyrot2017-07-161-1/+1
| |
* | Merge 0.10->trunkKim Alvefur2017-04-201-1/+3
|\|