aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_http.lua
Commit message (Collapse)AuthorAgeFilesLines
* Merge 0.11->trunkKim Alvefur2021-02-271-3/+3
|\
| * mod_http: Restore ip field for requests without proxiesKim Alvefur2021-02-271-2/+2
| | | | | | | | | | 8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy.
| * mod_http: Fix trusted proxies check (thanks buildbot)Kim Alvefur2021-02-181-1/+1
| | | | | | | | | | is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk.
* | mod_http: Improve message for missing 'route'Kim Alvefur2021-02-231-1/+1
| | | | | | | | | | This was the late night early draft text, thought I had amended this but apparently I forgot.
* | mod_http: Warn if app is missing 'route'Kim Alvefur2021-02-211-1/+7
| | | | | | | | | | | | | | | | | | | | Makes no sense to have a http module with no handlers Would have helped me when I accidentally module:provides("http", { GET = handler; })
* | mod_http: Allow modifying CORS header list via :provides APIKim Alvefur2019-12-301-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | E.g. module:provides("http", { cors = { headers = { Accept = true; Expect = false; }; }; route = { ... }; }); Case might be weird.
* | mod_http: Allow setting the CORS credentials flag via :provides APIKim Alvefur2019-12-301-1/+9
| | | | | | | | | | | | | | | | | | | | | | E.g. module:provides("http", { cors = { credentials = true; }; route = { ... }; });
* | mod_http: Optimize proxy IP checkKim Alvefur2021-02-181-0/+3
| | | | | | | | | | No need to do a subnet match comparison to see if two IP addresses match exactly.
* | mod_http: Consider x-forwarded-proto from trusted proxiesKim Alvefur2021-02-181-0/+4
| | | | | | | | | | | | | | Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules.
* | Merge 0.11->trunkKim Alvefur2021-02-181-1/+1
|\|
| * mod_http: Skip IP resolution in non-proxied caseKim Alvefur2021-02-181-1/+1
| | | | | | | | | | Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason.
* | mod_http: Silence warnings when running under prosodyctlMatthew Wild2020-09-111-2/+4
| |
* | mod_http: Add way to signal that a module supports streaming uploadsKim Alvefur2020-08-011-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #726 API: module:provides("http", { streaming_uploads = true; route = { PUT = function (event) event.request.body_sink = io.tmpfile(); return true; end } })
* | net.http.parser: Allow specifying sink for large request bodiesKim Alvefur2020-08-011-0/+9
| | | | | | | | | | | | | | This enables uses such as saving uploaded files directly to a file on disk or streaming parsing of payloads. See #726
* | mod_http: Support CIDR for trusted proxies.Boris Grozev2020-06-101-1/+16
| |
* | mod_http: Tell luacheck to ignore the long comment linesKim Alvefur2020-05-141-0/+1
| |
* | mod_http: Add documentation to the non-obvious logic of get_ip_from_requestJonas Schäfer2020-05-141-0/+7
| | | | | | | | Because docs are good.
* | mod_net_multiplex: Add support for using ALPNKim Alvefur2019-11-291-0/+1
| | | | | | | | | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* | mod_http: Log served URLs at 'info' levelKim Alvefur2019-11-291-1/+1
| | | | | | | | | | | | These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything.
* | mod_http: Soften dependency on mod_http_errorsKim Alvefur2019-11-161-1/+3
| | | | | | | | | | | | This allows disabling mod_http_errors by adding it to moduless_disabled and ensures mod_http loads even if the error pages aren't as pretty.
* | mod_http: Unhook CORS related event handlersKim Alvefur2019-10-101-3/+10
| | | | | | | | | | | | | | Prevents CORS related handlers from being left over on reload. BC: `mod_http.apps[app_name][event_name]` is now a table instead of the main handler function.
* | mod_http: Add support for configuring CORS Access-Control-Allow-CredentialsMatthew Wild2019-09-111-2/+6
| |
* | core.certmanager: Do not ask for client certificates by defaultKim Alvefur2019-03-101-3/+0
| | | | | | | | | | | | Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it.
* | mod_http: Determine CORS methods to whitelist from actual methods usedKim Alvefur2019-01-171-2/+9
| |
* | mod_http: Set up to handle OPTIONSKim Alvefur2019-01-181-0/+7
| | | | | | | | | | Lower priority to allow http modules to handle it themselves, should they wish to
* | mod_http: Solve CORS problems once and for allKim Alvefur2018-10-041-0/+19
|/ | | | | | | This blindly allows any cross-site requests. Future work should add an API to allow each HTTP app some influence over this for each HTTP path
* mod_http: Move normalize_path to util.httpKim Alvefur2018-10-141-10/+1
|
* Merge 0.10->trunkKim Alvefur2018-10-141-3/+7
|\
| * mod_http: Make sure path from http_external_url always ends with a slash ↵Kim Alvefur2018-10-141-3/+7
| | | | | | | | (fixes #1183)
* | mod_http: Support global HTTP modulesKim Alvefur2018-09-211-5/+16
| | | | | | | | Such modules simply ignore the Host header and always handle the same path.
* | Revert 2dc7490899ae::5d6b252bc36f: Unfinished and brokenKim Alvefur2018-09-211-12/+2
| |
* | mod_http: Hook the host-less event if hooked from a global moduleKim Alvefur2018-09-211-1/+5
| |
* | net.http.server: Move handling of hosts to mod_httpKim Alvefur2018-09-211-1/+7
| | | | | | | | | | Now an event like `GET /path` is fired at first, and mod\_http dispatches the old `GET host/path` events.
* | mod_http: Rename argument to avoid name clash with outer scope [luacheck]Kim Alvefur2018-07-061-3/+3
| |
* | mod_http: Rename loop variable to avoid name clash [luacheck]Kim Alvefur2018-07-061-2/+2
| |
* | mod_http: Rename loop variable to avoid name clash [luacheck]Kim Alvefur2018-07-061-2/+2
| |
* | mod_http: Silecence harmless warningsKim Alvefur2018-07-061-2/+2
| |
* | mod_http: Pass util.events object to API, fixes tracebackKim Alvefur2018-03-161-1/+1
| |
* | mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) ↵Kim Alvefur2018-03-151-0/+25
| | | | | | | | (fixes #540)
* | Merge 0.10->trunkKim Alvefur2017-01-261-5/+1
|\|
| * util.sslconfig: Remvoe flag merging for 'verify' as this is more of a ↵Kim Alvefur2017-01-261-5/+1
| | | | | | | | tri-state field than a set of options
* | Merge 0.10->trunkKim Alvefur2016-08-181-0/+3
|\|
| * Merge 0.9->0.10Kim Alvefur2016-08-181-0/+3
| |\
| | * mod_http: Allow configuring http parser size limitsKim Alvefur2016-08-181-0/+3
| | |
* | | mod_http: Fix indentation in redir_handlerEmmanuel Gil Peyrot2016-07-241-3/+3
| | |
* | | Update every link to the documentation to use HTTPSEmmanuel Gil Peyrot2016-04-161-1/+1
| | |
* | | plugins/mod_http: Keep query string over automatic redirectsdaurnimator2016-02-151-0/+3
| | |
* | | Backout unintentional commit ed5440a6ef7fMatthew Wild2015-12-031-1/+7
| | |
* | | Merge 0.10->trunkMatthew Wild2015-12-031-7/+1
|/ /
* | Merge 0.9->0.10 (third time lucky)Matthew Wild2015-03-271-0/+8
|\|